
ISO 27001/2-2022 Version - Statement of Applicability   Excel template (XLSX)


File Type: Excel template (XLSX)




  1. Provides you with a well-tested Statement of Applicability to comply with the requirements of ISO 27001, Version 2022
  2. Supports IT consultants in creating a Statement of Applicability for the new 2022 version of ISO 27K
  3. Supports ISO 27K consultants in drafting a Statement of Applicability so that they can implement ISO 27K more effectively


This product (ISO 27001/2-2022 Version - Statement of Applicability) is an Excel template (XLSX), which you can download immediately upon purchase.

This spreadsheet fully describes the contents of the ISO 27001/2 2022 version Statement of Applicability (SOA) and gives an example of the controls it includes. It can be used to create your own SOA as well as to audit it. It is made up of 4 parts: Read me; Organizational Controls; People and Physical Controls; and Technological Controls. It also contains an evaluation method and a total assessment grade for each area or domain of controls.
The Statement of Applicability (SOA) is a central, mandatory part of the ISO 27001 standard for Information Security Management Systems and is the main link between risk assessment and treatment and the implementation of your information security. The SOA explains which of the suggested controls from ISO 27001 Annex A you will apply, and justifies any excluded controls.
The SOA is a document which identifies the controls chosen for your environment and explains how and why they are appropriate. It is derived from the output of the risk assessment and risk treatment plan and, if ISO 27001 compliance is to be achieved, must directly relate the selected controls back to the original risks they are intended to mitigate.
Normally the controls are selected from ISO 27001, but it is also possible to include your own controls. A number of sector-specific schemes are being introduced which stipulate additional mandatory controls.
The SOA should reference the policies, procedures or other documentation or systems through which each selected control is actually implemented. It is also good practice to document the justification for excluding the controls that were not selected.
The following template contains 4 sections, one for each ISO 27001 clause (A.5, A.6, A.7 and A.8).
For each ISO 27001 clause (e.g., Organizational Controls, Clause A.5) and control category (e.g., Policies for information security), you must complete the fields noted below in each table entry, as per the template presented next.
TEMPLATE: <Control Title>
Control Description: <description of control as per ISO standard>
(1) Applicable: <YES or NO>
(2) Reason for Exclusion: <Not required to control risk>
(3) Implemented: <YES/NO>
(4) Compliance Control(s) or Measure(s): <Title of compliance control>
(5) Remarks: <Any relevant comments>
(6) Implementation Status: <5= Full implementation and kept up-to-date; 4=Full implementation; 3=Partial implementation; 2=Initial implementation; 1=Exists but not implemented; 0=Inexistent>.


Source: Best Practices in ISO 27001, IEC 27002 Excel: ISO 27001/2-2022 Version - Statement of Applicability Excel (XLSX) Spreadsheet, John Kyriazoglou


File Size: 45.6 KB



John Kyriazoglou obtained a certificate in computer programming and data processing from a technical college, in Hamilton, Canada, a (Hon. ) in Computer Science and with a minor in Economics from the University of Toronto, Canada, also earning a Scholastic award for Academic Excellence in Computer Science. John has worked in Canada, Europe (England, Switzerland, Luxembourg, Greece, etc. [read more]
