Mandatory controls for SoA
Hi. I've recently bought your template pack for ISO 27001. I was told i could just send you a message if a questions popped up. Right now I'm about to do the SoA but is there anywhere I can find the full list of all 114 controls? And can i somehow see/know which of them are mandatory to implement?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1 - Right now I'm about to do the SoA but is there anywhere I can find the full list of all 114 controls?
Answer: Please note that the Statement of Applicability template in your toolkit already contains names of the 114 controls listed in the ISO 27001 Annex A.
In case you are looking for detailed information about them, then you need to buy the standard ISO 27001 because its content is an intellectual property of ISO and cannot be sold with the toolkit.
By the way, included in the toolkit, you have access to a video tutorial that can help you fill in the Statement of Applicability.
For further information about ISO 27001 controls, see:
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
This material can also help you:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
2 - And can i somehow see/know which of them are mandatory to implement?
Answer: Please note that no control in ISO 27001 Annex A is mandatory to implement. The need for implementation is based on the results of risk assessment and identified applicable legal requirements.
Included in your toolkit you have access to video tutorials that can help you perform a risk assessment and determine which controls would be required for your implementation.
For further information, see:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding risk management:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Feb 06, 2021