SoA availability
Do you publish your SoA?
Answer: ISO 27001 does not require the SoA document to be available to interested parties, so its availability to customers and people outside the organization is a top management decision based on its business strategy and objectives.
Since the SoA can contain various confidential information, it is understandable why this document shouldn't be circulated to too many people. Of course, if you have some special clients, you can show this document to them.
But then how do you (as a customer) really know what the true value is of a supplier's ISO 27001 certification if you don't know what controls are or are not implemented?
Oct 19, 2017