Question about SOA
1 - Is the SOA related to the scope?
2 - How can we verify the inclusion and exclusion of controls?
1 - Is the SOA related to the scope?
Your assumption is correct. The Statement of Applicability is used, among other things, to identify the controls applicable to protect the elements identified in the ISMS scope.
This article will provide you with a further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
2 - How can we verify the inclusion and exclusion of controls?
Inclusions and exclusions of controls are made through the risk assessment and risk treatment process, and by the evaluation of the legal requirements (e.g., laws, regulations, and contracts) your organization has to comply with.
This article will provide you with a further explanation about risk assessment and risk treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 08, 2020