Ecpd - PPT 07 - Iso 27001 - 2022 Isms Li 5d Session 7

The document outlines the Statement of Applicability (SoA) for ISO/IEC 27001:2022, detailing the relevant controls for an organization, their justifications, and implementation status. It emphasizes the importance of providing a holistic view of applicable and non-applicable controls to management. Additionally, it defines controls as countermeasures to modify risks, including various types such as technical and administrative measures.

Uploaded by Ferdous Shajib

ISO / IEC 27001:2022

Lead Implementer
Training Course

TUV SUD South Asia Pvt. Ltd. | ISO/IEC 27001:2013 ISMS Lead Implementer - Ed 2022 Rev 1 12 December 2022
Statement of Applicability (SoA)

Statement of Applicability
▪ Statement of Applicability
✓ It is a document that lists the controls the organization has determined to be necessary, stating for each Annex A control whether it is applicable to the organization.
✓ A justification must be recorded both for including a control and for excluding one.
✓ For every applicable control, the SoA must state clearly whether it is implemented or not.
✓ The SoA may also contain controls from any other source (contracts, laws, other frameworks) in addition to Annex A.
✓ The purpose of the SoA is to give management a holistic view of all applicable and non-applicable controls in one place.

▪ Control
✓ Countermeasures to modify a risk.
✓ Controls could include policies, procedures, guidelines, practices or organizational structures, which can be
preventive, detective, corrective, administrative, technical, physical, deterrent or legal in nature.
✓ Examples of controls are CCTV, IDS, IPS, antivirus, topic-specific information security policies, etc.

Statement of Applicability (SoA) – An example

Control No. | Control Name | Applicability | Justification | Implementation Status | Document Reference
--- | --- | --- | --- | --- | ---
5.3 | Segregation of duties | Yes | Required to ensure everyone is aware of their responsibilities and there are no conflicts | Implemented | ISMS Manual, Org Chart – ISMS/M/001; Job Description – ISMS/JD/002
5.9 | Inventory of information and other associated assets | Yes | Baseline control to ensure that a proper list of assets is maintained | Implemented | List of Assets – ISMS/INV/003
8.30 | Outsourced development | No | The organization has an internal software development team and does not outsource its software development process. | N/A | N/A
Any Questions?
