
Identification of justifications for SoA

Guest user Created:   Jan 06, 2020 Last commented:   Jan 06, 2020


In the document 06_Statement of Applicability, in the column below, "Justification for selection/non-selection in SOA", how can we identify whether the selection of a control is based on risk assessment results or a contractual or legal obligation?


Expert
Rhand Leal Jan 06, 2020


When the justification for control applicability is related to risk assessment results, you can identify the IDs of the related risks (e.g., results of last risk assessment ID 32, ID 17, and ID 23). As for a contractual or legal obligation, you can identify the name of the obligation (e.g., name of the law or ID of the contract), and the clauses related to the control.

Included in the toolkit you bought, you also have access to a video tutorial that can help you fill in the Statement of Applicability.

This article will provide you with a further explanation of the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
