Expert Advice Community

Guest

Query on ISO 27001:2022 SOA

  Quote
Guest
Guest user Created:   Apr 24, 2023 Last commented:   Apr 24, 2023

Query on ISO 27001:2022 SOA

I have a question where I need your help:

You can refer to this link:
https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

Now for the ISO 27001:2022 SOA

do we need to add a column on how each control is implemented or it is not mandatory?

and only the following columns are sufficient:

- definition of which controls (security measures) will be applied, covering the suggested controls from ISO 27001 Annex A
- justification for inclusion of controls that are applicable
- the implementation status of applicable controls (i.e., if they are implemented or not)
- justification for the exclusion of controls from Annex A that are not applicable

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 24, 2023

ISO 27001 does not prescribe that information about how a control is implemented needs to be included in the SoA (the four items you listed are the only ones mandatory to be included in the SoA).

However, we highly recommend including in SoA this information, because since SoA is a document that summarizes security practices adopted by an organization, this additional information makes the SoA a more useful document.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 24, 2023

Apr 24, 2023

Suggested Topics

Nataliya Created:   May 30, 2023 ISO 27001 & 22301
Replies: 1
0 0

Scope. ISO 27001

Guest user Created:   May 26, 2023 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 compliance process