SOA Control Objectives
I am reviewing the “Statement of Applicability” document within the 27001 2022 toolkit and noticed that under the SOA table in para. 3. Applicability of controls there isn’t any control objectives.
Can you confirm that the controls listed in the 27002-2022 are the same controls used in the 27001 2022.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The controls listed in the SoA template included in the ISO 27001:2022 toolkit are the same ones defined in the ISO 27002:2022.
Please note that the column “Control Objectives” needs to be filled in by the organization. Control objectives are not mandatory in SoA, but including them in the SoA will make it easier to follow them, and reduce administrative effort to keep them in a separate document.
These articles will provide you with further explanation about ISO 27001 and ISO 27002 controls:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- Main changes in the new ISO 27002 2022 revision https://advisera.com/27001academy/blog/2022/01/30/main-changes-in-the-upcoming-new-version-of-iso-27002/
- Detailed explanation of 11 new security controls in ISO 27001:2022 https://advisera.com/27001academy/explanation-of-11-new-iso-27001-2022-controls/
Comment as guest or Sign in
Sep 06, 2022