A company wants to get certified for ISO 27001:2013 for their Data Center only. What would be the steps to achieve this? What is the implication on the Statement of Applicability document? Thank you in advance for your reply.
About the Statement of Applicability, it is one of the more important documents in the ISMS for any company, because basically it is a list of controls with the applicability of each one (which are applicable and which are not). So, you can write this document only after the execution of the risk assessment & risk treatment. To know more about the main activities that you need to perform in the implementation of the ISMS, please read this article "ISO 27001 implementation checklist": https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/