
Expert Advice Community


Statement of Applicability

Guest user Created:   Jun 22, 2020 Last commented:   Jun 22, 2020


We are going to have our external surveillance audit soon and we have one control in the SOA that is still "in progress". What are the implications of this?


Expert
Rhand Leal Jun 22, 2020

When going for the certification audit, you should have most of your controls implemented, and make sure that controls that mitigate the biggest risks are fully implemented, or the certification auditor can consider that the ISMS is not ready for certification yet.

In other words, you can leave only a smaller number of less significant controls to be implemented after the certification. In your case, you have to ask risk owners to accept the residual risks related to this control still "in progress".

This article will provide you with a further explanation about certification:

This material will also help you regarding certification:
