Expert Advice Community

Info about SoA document

Guest user. Created: Nov 19, 2021. Last commented: Nov 19, 2021.

Quick question about the "Justification for selection/non-selection" column: I watched the video, and the examples say that there must always be a risk or regulatory reason. Couldn't it also be a requirement of the business or of ISO itself? For example, could A.5.1.1 be a business requirement to improve market position?
Expert: Rhand Leal, Nov 19, 2021

A third common justification can be "Management decision", when management decides it considers a control to be applicable, and this decision can be based on anything they consider important, including business requirements.

If your reason is improving a market position, it would be better to write 'Management decision' instead because marketing is not directly related to security.

For further information, see:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
