Guest
Statement of Applicability for network security
Within ISO 27001 we have an SOA which states the controls for IS. Does an SOA for Network Security Exist?
Assign topic to the user
Answer: I assume that by SOA you refer to Statement of Applicability. ISO 27001 requires that Statement of Applicability lists all the controls from Annex A - in the Annex A of ISO 27001:2013 you have 3 controls dealing with network security in the sub-section A.13.1 Network security management.
So there is no separate Statement of Applicability for network security - you need to list those controls in your existing Statement of Applicability.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016