Statement of Applicability

Guest user Created:   Aug 21, 2019 Last commented:   Aug 22, 2019

I am trying to understand if I need to refer to all the controls of Annex A. Meaning: do I need a table of compliance that indicates which controls I used and marks the others as NA, or a similar tool? I read the paper that you wrote and it does not refer to the above specifically. Can you please clarify?

Expert
Rhand Leal Aug 21, 2019

Answer:

In fact, in the SoA you need to show that all controls from Annex A were considered, even those not applicable to your organization.

ISO 27001 clause 6.1.3 d) requires an organization to produce a document called Statement of Applicability. This document contains the controls from Annex A, as well as other controls deemed necessary, also including justification for inclusions, implementation status and the justification for exclusions of controls from Annex A.

This article will provide you further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Expert
Rhand Leal Aug 22, 2019
We've received an additional question:

>While I am waiting for your reply, I looked at the 27000 standard and para 6.1.3 C, D specifically requires us to review all 114 controls and include justification if we didn't use one. So does that mean that the declaration will include all the controls and for each?

Answer:

Your assumption is correct. The Statement of Applicability must include all controls from Annex A, including justification for those considered applicable, their implementation status and the justification for those considered not applicable.