ISO 27001 Annex A controls and the Statement of Applicability
Answer: According to ISO 27001:2013, clause 6.1.3.d, all 114 controls described in Annex A must be listed in the SoA. The controls that are not needed, because there are no related risks or requirements of interested parties to justify their implementation, can be marked as not applicable.
This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
These materials will also help you regarding the Statement of Applicability:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 11, 2016