Statement of Applicability
If you understand that multiple controls are needed to decrease risk to an acceptable level, then you can add multiple controls next to each risk in the Risk Treatment Table.
Regarding the Statement of Applicability, please note that all controls related to risks need to be documented in the Risk Treatment Table, not only those you consider the most important.
These articles will provide you with further explanation about risk assessment and treatment:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
By the way, included in your toolkit you have access to video tutorials that can help you fill in the Risk Treatment Table. This tutorial will show you how additional controls are added.
Oct 27, 2021