There is no generic SoA, or I don't know this. To know exactly what controls you need to apply in your organization, first you need to perform the risk assessment, which gives you information about risks that you need to reduce. And as you know, you can reduce risks with the security controls, and in this case you will need to apply them in the Statement of Applicability.
For more information about the steps for the execution of the risk assessment & treatment, please read this article, "ISO 27001 risk assessment & treatment 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Also, this article can be interesting for you, "The importance of Statement of applicability for ISO 27001": https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Jan 12, 2016