Expert Advice Community

Guest

ISO 27001-Advice- Clause 6.1.3 d)

  Quote
Guest
Guest user Created:   Jun 02, 2021 Last commented:   Jun 02, 2021

ISO 27001-Advice- Clause 6.1.3 d)

I would like your point of view on the following:
https://i.imgur.com/nStBOaI.png

I am confused about how to interpret this clause

If I had an SoA with the following columns, will it meet the requirements of this clause:
https://i.imgur.com/Kw0pnmW.png

or should it be like this to meet the requirement?
https://i.imgur.com/B2HkVYb.png

0 1

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 02, 2021

To meet this requirement you should consider these fields from your example:

  • Annex A reference
  • Control title
  • Applicability (yes/no)
  • Justification for inclusion/exclusion (you do not need separated columns because these situations are mutually exclusive)
  • Status

You should also consider these additional fields:

  • Control objectives (because security objectives are required by the standard, this field can help you fulfill this requirement in this same document)
  • Implementation method (this field can help in the understanding of your security environment by providing a short description of controls that do not require a specific document to be written, or by providing a link to a developed document).  

To see a Statement of Applicability compliant with ISO 27001 looks like, please access this free demo: https://advisera.com/27001academy/documentation/statement-of-applicability/

This article will provide you a further explanation about the Statement of Applicability:

These materials will also help you regarding the Statement of Applicability:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jun 02, 2021

Jun 02, 2021

Suggested Topics

Guest user Created:   Oct 22, 2021 ISO 27001 & 22301
Replies: 1
0 0

AML-ISO 27001

Lee Created:   Oct 21, 2021 ISO 27001 & 22301
Replies: 2
0 0

ISO27001 Lead Implementer Training