ISO 27001 Sample Scope Statement example wanted
IEC 27001 - Information Security Management Systems (ISMS)

Sharing a Statement of Applicability (SOA) for ISO/IEC 27001:2013

The Statement of Applicability or SOA is a document containing:

- selected control objectives and controls and reasons for their selection (reasons may include: contractual obligations, legal requirements, regulatory requirements, your very own business requirements, results of your risk assessment, etc.)
- control objectives and controls currently implemented (one does not need ISO 27001 to have information security controls. Even before ISO 27001 became fashionable most of us have doors, cabinets, cupboards, CCTV cameras, passwords, firewalls, backup processes, BCPs, documented operating procedures, etc. It's like you're building a house, no one needs to tell you to put up walls or doors or windows.)
- the exclusion of any control objectives and controls and the justification for their exclusion (Not one of the security controls in Annex A is required. You just have to justify here why you are not implementing Encryption, for example.)

Attached is the Statement of Applicability I've been using for my clients. It is very easy to use and captures all of the requirements for a SOA. If you have questions, suggestions or violent reactions, please PM me or reply to this post.