Info about SoA document
A third common justification can be “Management decision”, when management decides that it considers a control to be applicable; this decision can be based on anything management considers important, including business requirements.
If your reason is improving a market position, it would be better to write 'Management decision' instead because marketing is not directly related to security.
For further information, see:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 19, 2021