Guest
Filling SoA template
I have a question about the Statement of Applicability template. It has a column called "Justification for selection/non-selection" and you have commented it "Based on risk assessment results, contractual and legal obligations.". Could you please give further guidance for this column? I'm not sure what I should fill in this column.
Expert
Rhand Leal
Dec 06, 2017
Answer: Sure. If you want to justify the application of a control because of risk assessment results, then you should include in the justification the risks that that control will treat (or the identification of those risks, e.g., ID number, and the document where they can be found, e.g., Risk Assessment Report). To justify a non-selection you can state that "No unacceptable risk which would require the implementation of this control was identified in the risk assessment, according to the