Expert Advice Community

Question on SOA

Guest user Created:   Nov 24, 2021 Last commented:   Nov 24, 2021

In your template for the SOA you show the column “Control objectives” for which in my understanding S.M.A.R.T objectives shall be listed. In your ISO 27001 foundation course video about the SOA, this column is missing. Therefore, I would like to know if it is mandatory or not? Because I struggle to find adequate measurable objectives for all applicable controls.
Expert
Rhand Leal Nov 24, 2021

ISO 27001 doesn't require you to specify objectives in the Statement of Applicability - you can use some other document for this purpose. However, we felt that listing objectives next to each control in SoA is the most practical solution.

Regarding the objectives, to make it easier, you can specify the objectives for groups of controls, very similar to what is written in Annex A of ISO 27001.

These articles will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/ 
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
