
Expert Advice Community

Statement of Applicability Validation

Guest user Created:   Feb 21, 2021 Last commented:   Feb 21, 2021

If an organisation is making use of ISO 27001 as a guideline but is not certified to ISO 27001, is it mandatory for the organisation to have an SoA in place?


Expert
Rhand Leal Feb 21, 2021

First, it is important to know which objectives you want to achieve (i.e., for which purpose you want to use ISO 27001 as a guideline).

For example, if your organization wants to be fully compliant with ISO 27001, even if you are not intending certification, then the Statement of Applicability is mandatory.

In case your intent does not involve being fully compliant with ISO 27001 (e.g., you only want to adopt some controls of the standard), then the Statement of Applicability is not mandatory, but we strongly recommend that you use it as a good practice, because the SoA can be used as the main guide to understand and provide an overview of how information security is implemented in your organization.

This article will provide you with a further explanation about the Statement of Applicability:

These materials will also help you regarding ISO 27001 implementation:
