
Expert Advice Community


SOA content

Guest user Created:   Nov 21, 2017 Last commented:   Nov 21, 2017


The company I am working for has decided to implement ISO 27001 for a division only, a Division building up an iPaaS. I have a question related to SOA.

Expert
Rhand Leal Nov 21, 2017

I wonder if it is possible to fill in SOA Applicability "No" for certain controls from Annex A / table A.1, in a situation where a risk is shared with the Company (e.g. HR security).

Answer: Sharing a risk means some part of the responsibility is divided between the Division and the Company, so you cannot state these controls as not applicable, but you can include observations stating this shared situation.

This article will provide you with further explanation about SOA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
