SoA alteration
Answer:
For a small change to the SoA, you only have to keep evidence that the impact of the changes was evaluated (e.g., by means of an additional management review) and that the required changes to implemented controls were properly planned and implemented. This evidence must be presented at the next surveillance audit.
For big changes to the SoA, we recommend that you contact your certification body so it can evaluate whether an extra surveillance audit is necessary, or whether the certification auditor can leave this verification for the scheduled surveillance audit.
This material will provide you with further explanation about the SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Feb 01, 2019