ISMS Statement of Applicability | Statement of Applicability Excel Template
The Statement of Applicability is the fundamental link between your risk assessment and treatment activities, and it shows "where" you've chosen to implement information security controls from the 114 control objectives.
During the audit phase, when the auditor tests some of the ISO 27001 controls to confirm that they effectively describe and demonstrate that an organization is meeting its control goals, the SOA must be available.
Format: MS Word
- Determine which controls a corporation has chosen to address the risks it has identified.
- Explain why these controls were chosen.
- Indicate whether the controls have been applied by the company.
- Explain why some controls were chosen to be omitted by the organization.