ISO 27001 Foundations Course comment
“List of all the controls from Annex A and any additional controls that might be identified in the risk treatment process”
“all the controls from Annex A ” means the 114 controls.
So this should be false and the quiz consider it true.
I know it’s meant this SELECTED controls from Annex A, but that is not what is written.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Please note that the question refers to the Statement of Applicability document (“The Statement of Applicability document should include:”)
Considering that, ISO 27001 clauses 6.1.3 d), and 6.1.3.c requires that all 114 controls from Annex A are included in the SoA, not only those deemed applicable, as well as additional controls from other sources. For those controls from Annex A deemed not applicable, you need to provide justification for their exclusion.
This article will provide you a further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Comment as guest or Sign in
Jan 19, 2021