ISO27001 / ISO27002 A Pocket Guide

CHAPTER 13: THE STATEMENT OF APPLICABILITY (SOA)

While the statement of applicability is central to an ISMS and to accredited certification of the ISMS (it is the document from which an auditor will begin the process of confirming whether or not appropriate controls are in place and operative), it can really only be prepared once the risk assessment has been completed and the risk treatment plan documented.

The statement of applicability is a statement as to which of the controls identified in Annex A to ISO27001 are applicable to the organisation, and which are not. It can also contain additional controls selected from other sources.

SoA and external parties

The SoA must be reviewed on a defined, regular basis. It is the document that is used ...

Get ISO27001 / ISO27002 A Pocket Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ISO27001 / ISO27002 A Pocket Guide by

CHAPTER 13: THE STATEMENT OF APPLICABILITY (SOA)

SoA and external parties

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly