Expert Advice Community


SoA before or after the Risk assessment & Risk treatment

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

I'm new at this. I was wondering about the SoA: does it come right after the risk assessment or after the treatment plan?
 

Answer:

The Statement of Applicability basically shows the list of all controls that you have implemented, so you will complete this document after the risk treatment, but before the risk treatment plan. If you need information about the steps of the risk assessment & treatment, please read this article, "ISO 27001 risk assessment & treatment – 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/. This article may also be interesting for you, "Risk Treatment Plan and risk treatment process - What's the difference?": https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

This article about the importance of the SoA may also be interesting for you, "The importance of Statement of Applicability for ISO 27001": https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
