
Sharing a Statement of Applicability (SOA) for ISO/IEC 27001:2013

Richard Regalado

Covers, sharing with you a template which I have been using for quite some time. This format has passed several audits already. This template encompasses the requirements of Clause 6.1.3.d of the ISO/IEC 27001:2013.

The requirement for SOA includes:
- contain necessary controls determined for the risk treatment options chosen;
- contain other controls necessary that are not part of those determined as risk treatment options;
- justification for inclusion of the controls (not part of the 2005 version requirement);
- implementation status; and
- justification for excluding controls.

Feel free to comment on the attached document. Feel free to use it. The document shared is fully editable. If you will improve the attached document, please share a copy here.


Richard Regalado

