Sharing a Statement of Applicability (SOA) for ISO/IEC 27001:2013

Richard Regalado

Covers, sharing with you a template which I have been using for quite some time. This format has passed several audits already. This template encompasses the requirements of Clause 6.1.3.d of ISO/IEC 27001:2013.

The requirement for SOA includes:
- contain necessary controls determined for the risk treatment options chosen;
- contain other controls necessary that are not part of those determined as risk treatment options;
- justification for inclusion of the controls (not part of the 2005 version requirement);
- implementation status; and
- justification for excluding controls.

Feel free to comment on the attached document. Feel free to use it. The document shared is fully editable. If you improve the attached document, please share a copy here.

Thanks.

Richard Regalado
 
