Justification in a Statement of Applicability
Answer: To justify an implemented control that does not have any identified risks on the Risk Assessment that can be related to it, the most suitable justification on the Statement of Applicability would be, as you thought, the original reason that justified the control's implementation, something like "control implemented as a requirement of interested parties" or "control considered common sense / normal operating procedure in our industry".
This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
This article will provide you further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
These materials will also help you regarding risk assessment and SoA:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 17, 2016