Hello friends,
The Statement of Applicability (SoA) is applied only to the process of the scope of the ISMS?? or it's applied to whole organization??
Thanks you for your help
Best regards
Assign topic to the user
Cesar,
You are free to decide whether the controls from Statement of Applicability will apply to your whole organization or only to the ISMS scope.
However, in case you go for the ISO 27001 certification, then in SoA you should use only the controls that apply to your ISMS scope because otherwise you will have problems with the certification auditor.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016