SOA content fields
clause, number, control objective, applicability, justification for selection, implementation method, status
Answer: Not all fields in the document presented in the video are mandatory (some of them were included based on our experience that they can help manage the ISMS). According to ISO 27001, the following information must be included in the SOA:
- All controls (covered by "clause" field)
- Justification for inclusions (covered by "justification for selection" field)
- Implementation status (covered by "status" field)
- Justification for exclusions of controls from Annex A (covered by "justification for selection" field)
Regarding the format, you can adapt the information to any format your organization considers proper (a document, a spreadsheet, etc.).
Sep 18, 2017