SoA and mandatory documents

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

AntonioS Jan 12, 2016

Question 1: Does this then mean that when the SoA controls are selected, the controls linked to the mandatory documents also need to be selected for implementation?
Question 2: If that specific control has not been linked as a mitigating control to an identified risk, why must the document then be developed and implemented?
- Secure system engineering principles (clause A.14.2.5)
- Supplier security policy (clause A.15.1.1)
- Incident management procedure (clause A.16.1.5)
- Business continuity procedures (clause A.17.1.2)
 

Answer 1: If you have in your SoA a control that has been applied and it is related to a mandatory document, sure, you need to implement (and document) it.
Answer 2: If you do not apply a control (related to a mandatory document), it is not necessary to develop a document for it. Another scenario is: you have a control that applies, but it is not related to a mandatory document, so it is not necessary to develop it. And another scenario: you have a control that applies, and it is related to a mandatory document, so it is necessary to develop it.
Anyway, in most companies all controls related to the mandatory documents are applied, so in most cases you will need to develop all mandatory documents because they will be related to controls that apply to the organization.
Finally, I think that this article can be interesting for you, please read it: "The importance of Statement of Applicability for ISO 27001": https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
