Statement of Applicability

Guest user | Created: Apr 06, 2023 | Last commented: Apr 06, 2023

For the Statement of Applicability, are we to justify ONLY what we would like to implement, or do we need to go through each control listed in Annex A and explain why we have (or haven't) decided to implement them?

Expert
Rhand Leal Apr 06, 2023

You need to go through all controls listed in Annex A and explain why we have (or haven't) decided to implement them.

Please note that according to ISO 27001, the following information must be included in the SOA:

  • All applied controls
  • Justification for inclusions
  • Implementation status
  • Justification for exclusions of controls from Annex A

You can also add information you consider relevant to help manage the ISMS (e.g., a brief description of how the control is implemented).

For further information, see:
