DESCRIPTION
This document describes in full the controls listed in an ISO 27001/27002 Statement of Applicability (SOA). It can be used both to build your own SOA and to audit an existing one.
The Statement of Applicability is a mandatory part of ISO 27001 (required by clause 6.1.3) for an Information Security Management System and is the main link between risk assessment and treatment on one side and the actual implementation of information security controls on the other.
The SOA records which of the reference controls from ISO 27001 Annex A you apply, justifies why each included control is necessary, states whether it is implemented, and justifies any controls you exclude.
This PDF provides an evaluation template for the SOA, using the implementation guidance of ISO 27002, so that every control is assessed and documented. It includes descriptions and requirements for each control category, such as internal organization, access control, cryptography, and supplier relationships. Each control is set out with its objective, applied status, and references, making it straightforward to track compliance and implementation. The control numbering used here (A.6 Organization of information security, A.12 Operations security) follows the ISO/IEC 27001:2013 Annex A structure; ISO/IEC 27001:2022 regrouped Annex A into four themes (clauses 5 to 8), so the template will need mapping if it is used against the 2022 edition.
Clause A.6 covers the organization of information security, detailing the roles and responsibilities for maintaining security within the organization. It includes segregation of duties, contact with authorities and special interest groups, and treating information security as an integral part of project management. This section of the template lets you record which of these controls apply and how each is implemented, giving a documented framework for internal security management.
Clause A.12 covers operations security: the procedures and responsibilities for the secure operation of information processing facilities. It includes documented operating procedures, change management, capacity management, protection from malware, backup, logging and monitoring, technical vulnerability management, and information systems audit considerations. This clause is central to maintaining the integrity and availability of information systems, since it is where day-to-day operational controls are defined and evidenced.
Source: ISO 27001 ISMS: Statement of Applicability (PDF), John Kyriazoglou, from Best Practices in ISO 27001.