Expert Advice Community

Providing SoA to customers

Guest user | Created: Apr 03, 2019 | Last commented: Apr 03, 2019

I have a customer asking me to provide them my declaration of applicability. Is that something that is customary to provide?
Expert
Rhand Leal Apr 03, 2019

Answer:

In fact, customers can ask for your Statement of Applicability to have an overview of your information security posture and approach, but since it contains sensitive information about how you protect information, I'd recommend that you use some cost-benefit method or criteria to identify whether providing this document would be worthwhile, considering the risks to the business regarding the confidentiality of the information provided, and the value of this customer to your business. In case you decide to provide the Statement of Applicability, you should ask the customer to sign a non-disclosure agreement (NDA) before you send such confidential information.
