Guest user Created: Jul 07, 2021 Last commented: Jul 07, 2021

Statement of Applicability

Grateful if you can please confirm on the following. We are in the phase of a certification audit. the auditor is currently reviewing the Statement of Applicability (SoA). For clause 18.1.5, Regulations on cryptographic controls: There is no such law currently in XXXXX. So, is this clause applicable to our company for the time being or shall it be record as exclusion in the SoA?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 07, 2021

Please note that this control refers not only to laws but also to agreements (e.g., contracts) and regulations, so you need to also verify these elements. For example, you may have a contract with a customer or a supplier defining requirements for cryptography, or some regulation applicable to your industry may define requirements for cryptography.

In case there are no agreements or regulations applicable to your organization, then you can record these controls as an exclusion in your SoA.

This article will provide you a further explanation about SoA:

The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

These materials will also help you regarding SoA:

Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 07, 2021

Expert Advice Community