I'd like to update my SoA due to COVID-19, where 90% of users are working remotely.
Can you help with that?
Expert
Rhand Leal
Sep 07, 2020
To update the SoA considering your stated scenario, you need to:
- update your risk assessment, to see if new unacceptable risks have arisen or current ones have changed
- review applicable legal requirements (e.g., laws, regulations, or contracts), to see if new controls are now applicable
- adjust your risk treatment according to the updated unacceptable risks and applicable legal requirements
After approving the updated risk assessment and treatment you can update the SoA accordingly.
These articles will provide you with further explanation about the SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
For common risks and safeguards related to working remotely, please read:
- Checklist of cyber threats & safeguards when working from home (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-cyber-threats-and-safeguards-when-working-from-home