ISMS statement
Answer: From your question, I'll assume you are referring to the Statement of Applicability (SoA). Considering that, you have to evaluate if the SoA must be updated when there is a significant change in the ISMS scope or risk scenario, or at least during the management review, which normally is performed at least once a year. For controlling the SoA version you have to verify what is defined in your procedure for control of documents and records, because the SoA is a mandatory record for ISO 27001 certification.
This article will provide you further explanation about SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
These materials will also help you regarding SoA:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 10, 2018