Expert Advice Community

SOA content

Guest user Created:   Sep 15, 2017 Last commented:   Sep 15, 2017

What do I have to put in justification of selection and non-selection and objective control in SOA?

Expert
Rhand Leal Sep 15, 2017

Answer: Basically you have to put the reason why the control is applicable or not to your organization.

To justify the application of a control you can state it is applicable because:
- of the results of risk assessment (e.g., applicable because the risk number xxxx);
- it should comply with a legal requirement (e.g., applicable to ensure compliance with law, industry regulation or contract);
- of a top management decision.

In general the justification to not apply a control is related to the fact that there is no unacceptable risk related to that control, or that Top Management has accepted the risk as it is.

These articles will provide you further explanation about SOA content:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

These materials will also help you regarding SOA content:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
