Expert Advice Community

SOA content fields

Guest user Created:   Sep 17, 2017 Last commented:   Sep 19, 2017

Hi, I have a question about the Statement of Applicability: does the document need to follow the exact format that is suggested in the video? I mean, is it mandatory to use the following fields, or could it have a different format?

Expert
Rhand Leal Sep 17, 2017

clause, number, control objective, applicability, justification for selection, implementation method, status

Answer: Not all fields in the document presented in the video are mandatory (some of them were included based on our experience that they can help manage the ISMS). According to ISO 27001, the following information must be included in the SOA:
- All controls (covered by the "clause" field)
- Justification for inclusions (covered by the "justification for selection" field)
- Implementation status (covered by the "status" field)
- Justification for exclusions of controls from Annex A (covered by the "justification for selection" field)

Regarding the format, you can adapt the information to any format your organization considers proper (a document, a spreadsheet, etc.).

Guest
Viktor Sep 19, 2017

Thank you!
