Query on ISO 27001:2022 SOA
I have a question where I need your help:
You can refer to this link:
Now, for the ISO 27001:2022 SOA, do we need to add a column on how each control is implemented, or is it not mandatory? And are only the following columns sufficient:
- definition of which controls (security measures) will be applied, covering the suggested controls from ISO 27001 Annex A
- justification for inclusion of controls that are applicable
- the implementation status of applicable controls (i.e., if they are implemented or not)
- justification for the exclusion of controls from Annex A that are not applicable
Apr 24, 2023