Expert Advice Community

Filling SoA template

Guest user Created:   Dec 06, 2017 Last commented:   Dec 06, 2017

I have a question about the Statement of Applicability template. It has a column called "Justification for selection/non-selection" and you have commented it "Based on risk assessment results, contractual and legal obligations." Could you please give further guidance for this column? I'm not sure what I should fill in this column.

Expert
Rhand Leal Dec 06, 2017

Answer: Sure. If you want to justify the application of a control because of risk assessment results, then you should include in the justification the risks that that control will treat (or the identification of those risks, e.g., ID number, and the document where they can be found, e.g., Risk Assessment Report). To justify a non-selection you can state that "No unacceptable risk which would require the implementation of this control was identified in the risk assessment, according the
