Expert Advice Community

Guest

SoA update

  Quote
Guest
Guest user Created:   Sep 28, 2018 Last commented:   Sep 28, 2018

SoA update

Hi, should we update the statuses in the SOA ongoing or is this done annually?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 28, 2018

Answer:

Once a year is not enough. You should update SoA at least once a month or more often, considering how changes in the ISMS environment and new and modified risks affect the implemented controls, so the SoA can keep reflecting the way the organization handles its information security.

This article will provide you further explanation about SOA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 27, 2018

Sep 27, 2018

Suggested Topics

Guest user Created:   Oct 04, 2022 ISO 27001 & 22301
Replies: 3
0 0

Question on risk assessment

Guest user Created:   Sep 28, 2022 ISO 27001 & 22301
Replies: 1
0 0

IT Security Policy too narrow

Tonya Created:   Sep 27, 2022 ISO 27001 & 22301
Replies: 1
0 0

Compliance Manager