Hi, should we update the statuses in the SOA ongoing or is this done annually?
Assign topic to the user
Expert
Rhand Leal
Sep 28, 2018
Answer:
Once a year is not enough. You should update SoA at least once a month or more often, considering how changes in the ISMS environment and new and modified risks affect the implemented controls, so the SoA can keep reflecting the way the organization handles its information security.
This article will provide you further explanation about SOA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Comment as guest or Sign in
Sep 27, 2018
Sep 27, 2018
Sep 27, 2018