I wonder if it is possible to fill in SOA Applicability "No" for certain controls from Annex A / table A.1, in a situation where a risk is Shared with the Company (e.g. HR security).
Answer: Sharing a risk means some part of the responsibility is divided between the Division and the Company, so you cannot state these controls as not applicable, but you can include observations stating this shared situation.
This article will provide you with further explanation about SOA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 21, 2017