Statement of Applicability

Answer:

ISO 27001 Annex A is not to be used as a document for the ISMS. It is a reference for the definition of which controls to use to protect information and to built the Statement of Applicability. The SoA differs from Annex A because it only makes reference to the controls on Annex A (it does not contain the description of each control), and contains other information, such as which controls are applicable, whether they are implemented or not, and justi fication of controls from Annex A you are not using.

To see how a Statement of Applicability looks like, I suggest you to take a look at the free demo of our Statement of Applicability template at this link: https://advisera.com/27001academy/documentation/statement-of-applicability/

These articles will provide you further explanation about Statement of Applicability and ISO 27001 documentation:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

These materials will also help you regarding Statement of Applicability and ISO 27001 documentation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/