ISO 27001 Foundations Course comment
“List of all the controls from Annex A and any additional controls that might be identified in the risk treatment process”
“all the controls from Annex A” means the 114 controls.
So this should be false, and the quiz considers it true.
I know it means the SELECTED controls from Annex A, but that is not what is written.
Please note that the question refers to the Statement of Applicability document (“The Statement of Applicability document should include:”)
Considering that, ISO 27001 clauses 6.1.3 c) and 6.1.3 d) require that all 114 controls from Annex A are included in the SoA, not only those deemed applicable, as well as additional controls from other sources. For those controls from Annex A deemed not applicable, you need to provide justification for their exclusion.
This article will provide you with a further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Jan 19, 2021