I'm new at this. I was wondering about the SoA: does it come right after the risk assessment or after the treatment plan?
Answer:
The Statement of Applicability basically shows the list of all controls that you have implemented, so you will complete this document after the risk treatment, but before the risk treatment plan. If you need information about the steps of the risk assessment & treatment, please read this article, "ISO 27001 risk assessment & treatment 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/ . This article can also be interesting for you, "Risk Treatment Plan and risk treatment process - What's the difference?": https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
This article about the importance of the SoA can also be interesting for you, "The importance of Statement of Applicability for ISO 27001": https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Jan 12, 2016