Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

SOA for a global company

  Quote
Created:   Jul 20, 2022 Last commented:   Jul 22, 2022

SOA for a global company

We are in de process of certifying a global company. there are 2 countries within the scope. one of the countries within the scope does not develop or maintain systems. 1. Can we add a column to the SOA justifying that one country does not develop? Or will that country have an own SOA? 2. Show we also add this to the scope statement? because not all controls apply to one country Thank you for all the responses.
0 1

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 22, 2022

1. Can we add a column to the SOA justifying that one country does not develop? Or will that country have an own SOA?

Please note that justification for applicability/non-applicability of control is a mandatory requirement for the SoA (clause 6.1.3 “d”), so in case you have a control that is applicable to one country but not to the other, you can use this column to inform to which country the control applies or not.

For example: Control xxx is applicable to country A due to relevant risks aaa and bbb, but it is not applicable to country B because there are no relevant risks or legal requirements that justify its implementation. 

To see an SoA document compliant with ISO 27001, please access this free demo: https://advisera.com/27001academy/documentation/statement-of-applicability/

For further information, see:

2. Show we also add this to the scope statement? because not all controls apply to one country

Please note that the ISMS scope is written before the risk assessment and SoA, and it does not specify controls - it only specifies which parts of the company are included in the scope.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 20, 2022

Jul 22, 2022