Expert Advice Community

SoA availability

Guest user. Created: Oct 19, 2017. Last commented: Oct 19, 2017.

I am a little surprised that it is not easy to get to see a certified company's SoA. I was taught in my course that the certification is all about transparency so that your customers can see exactly what controls and measures you have or haven't taken to maximise your information security.
Expert
Rhand Leal Oct 19, 2017

Do you publish your SoA?

Answer: ISO 27001 does not require the SoA document to be available to interested parties, so its availability to customers and people outside the organization is a top management decision based on its business strategy and objectives.

Since the SoA can contain various confidential information, it is understandable why this document shouldn't be circulated to too many people. Of course, if you have some special clients, you can show this document to them.

Guest
marcelschouten Oct 19, 2017

But then how do you (as a customer) really know what the true value is of a supplier's ISO 27001 certification if you don't know what controls are or are not implemented?
