ISO 27001 & 22301 / Statement of Applicability
For the Statement of Applicability, are we to justify ONLY what we would like to implement, or do we need to go through each control listed in Annex A and explain why we have (or haven't) decided to implement them?
You need to go through all controls listed in Annex A and explain why you have (or haven't) decided to implement them.
Please note that according to ISO 27001, the following information must be included in the SOA:
You can also add information you consider relevant to help manage the ISMS (e.g., a brief description of how the control is implemented).
For further information, see: