Question on SOA
ISO 27001 doesn't require you to specify objectives in the Statement of Applicability - you can use some other document for this purpose. However, we felt that listing objectives next to each control in the SoA is the most practical solution.
Regarding the objectives, to make it easier, you can specify the objectives for groups of controls, very similar to what is written in Annex A of ISO 27001.
These articles will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Nov 24, 2021