Guest
ISO 27001-Advice- Clause 6.1.3 d)
I would like your point of view on the following:
I am confused about how to interpret this clause.
If I had an SoA with the following columns, would it meet the requirements of this clause:
or should it be like this to meet the requirement?
Expert
Rhand Leal
Jun 02, 2021
To meet this requirement you should consider these fields from your example:
- Annex A reference
- Control title
- Applicability (yes/no)
- Justification for inclusion/exclusion (you do not need separate columns, because these situations are mutually exclusive)
- Status
You should also consider these additional fields:
- Control objectives (because security objectives are required by the standard, this field can help you fulfill this requirement in this same document)
- Implementation method (this field can help in the understanding of your security environment by providing a short description of controls that do not require a specific document to be written, or by providing a link to a developed document).
To see what a Statement of Applicability compliant with ISO 27001 looks like, please access this free demo: https://advisera.com/27001academy/documentation/statement-of-applicability/
This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
These materials will also help you regarding the Statement of Applicability:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/