ISO 27001 - What different reasons for including have you identified and documented in your Statement of Applicability?
Do you include/choose your controls in SoA only based on identified risks or do you have other reasons for including as well? And in that case what are those reasons?
Would be grateful for some examples.
Thanks!
Br
Linda
Do you include/choose your controls in SoA only based on identified risks or do you have other reasons for including as well? And in that case what are those reasons?
Would be grateful for some examples.
Thanks!
Br
Linda