According to ISO 27001 clause 6.1.3 d) you have to provide justification for inclusion of any implemented control and for the exclusion of any control related in the Annex A, so, for example, if you do not apply 56 controls from Annex A you have to justify the exclusion of each one of these 56 controls. Fulfilling this requirement will help you ensure no control has been left without a proper analysis.
This article will provide you further explanation about the statement of applicability content:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
These materials will also help you regarding the statement of applicability content:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 19, 2017