Check out our FREE Resources page – Download free business frameworks, PowerPoint templates, whitepapers, and more.

ISO 27001/2-2022 Version - Statement of Applicability   Excel template (XLSX)
$100.00
Add to Cart

ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
Flevy is the marketplace for business best practices.
ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
ISO 27001/2-2022 Version - Statement of Applicability (Excel template (XLSX)) Preview Image
Arrow   Click main image to view in full screen.

ISO 27001/2-2022 Version - Statement of Applicability (Excel XLSX)

Excel (XLSX)

#3 in ISO 27002 $100.00

Add to Cart
  


Immediate download
Fully editable Excel
Free lifetime updates
Trusted by over 10,000+ clients

BENEFITS OF THIS EXCEL DOCUMENT

  1. Provides you with well-tested Statement of Applicability to comply with the requirements of ISO 27001, Version 2022
  2. Supports IT Consultants in ensuring the best creation of a Statement of Applicability for the new version of ISO 27K-2022 Version
  3. Supports ISO 27 K Consultants in drafting a Statement of Applicability so that they can implement ISO 27K more effectively

ISO 27001 EXCEL DESCRIPTION

Editor Summary ISO 27001/2-2022 Version - Statement of Applicability is an XLSX spreadsheet by John Kyriazoglou that documents and provides an example SOA for the ISO 27001/2 2022 controls. Read more

This spreadsheet describes fully the contents and an example of the controls included in the ISO 27001/2 2022 version Statement of Applicability (SOA). It can be used to create as well as to audit your own SOA. It is made up of 4 parts: Read me; Organizational Controls; People and Physical Controls; and Technological Controls. It also contains an evaluation methos and a total assessment grade for each area or domain of controls. The Statement of Applicability (SOA) is a central, mandatory part of the ISO 27001 standard for Information Security Management Systems and is the main link between the risk assessment & treatment and the implementation of your information security. The SOA explains which of the suggested controls from ISO 27001 Annex A you will apply, and justifies any excluded controls.
The statement of applicability (also known as an SOA) is a document which identifies the controls chosen for your environment, and explains how and why they are appropriate. The SOA is derived from the output of the risk assessment/ risk treatment plan and, if ISO27001 compliance is to be achieved, must directly relate the selected controls back to the original risks they are intended to mitigate.
Normally the controls are selected from ISO27001, but it is possible to also include own controls. A number of sector specific schemes are being introduced which stipulate additional mandatory controls.
The SOA should make reference to the policies, procedures or other documentation or systems through which the selected control will actually manifest. It is also good practice to document the justification of why those controls not selected were excluded.
The following template contains 4 sections, one for each ISO 27001 clause (A.5, A6, A7 and A8).
For each ISO 27001 clause (e.g., Organizational Controls (Clause A5) and control category (e.g., Policies for information security) you must note in each table and entry the fields noted below, as per the template presented next.
TEMPLATE: <Control Title>
Control Description: <description of control as per ISO standard>
(1) Applicable: <YES or No>.
(2) Reason for Exclusion: <Not required to control risk>
(3) Implemented: <YES/NO>
(4) Compliance Control(s) or Measure(s): <Title of compliance control>
(5) Remarks: <Any relevant comments>
(6) Implementation Status: <5= Full implementation and kept up-to-date; 4=Full implementation; 3=Partial implementation; 2=Initial implementation; 1=Exists but not implemented; 0=Inexistent>.

This template provides a structured approach to documenting your organization's information security controls, ensuring compliance with ISO 27001 standards. It facilitates a clear overview of your control implementation status, helping to identify gaps and areas for improvement in your security posture.

Got a question about the product? Email us at support@flevy.com or ask the author directly by using the "Ask the Author a Question" form. If you cannot view the preview above this document description, go here to view the large preview instead.

TOPIC FAQ

What is an ISO 27001 Statement of Applicability and what should it include?

A Statement of Applicability (SOA) identifies which controls will be applied in your environment and explains how and why they are appropriate. It must be derived from the risk assessment/risk treatment plan and map selected controls back to the original risks, typically referencing ISO 27001 Annex A.

Which sections of ISO 27001 controls does the 2022 SOA template cover?

The described SOA spreadsheet contains 4 sections, one for each ISO 27001 clause included in the template: Organizational Controls, People and Physical Controls, and Technological Controls, structured to cover clauses A.5, A.6, A.7, and A.8 as presented in the template for clauses A.5–A.8.

What fields should a practical SOA template include?

A practical SOA template should record Control Title, Control Description, whether the control is Applicable (YES/NO), Reason for Exclusion if not applicable, Implemented status (YES/NO), Compliance Control(s) or Measure(s), Remarks, and an Implementation Status score; the provided template uses a 0–5 implementation scale.

How should excluded controls be documented in an SOA?

Excluded controls should be documented with a clear justification explaining why they are not required to control the assessed risk, and the SOA should reference related policies/procedures for implemented controls; the template provides a dedicated "Reason for Exclusion" field for this purpose.

How can I evaluate overall implementation across control domains?

Use a domain-level evaluation method that aggregates control implementation scores to produce a total assessment grade for each control area or domain. The spreadsheet described includes an evaluation method and a total assessment grade to summarise each domain’s implementation status.

What should I consider when choosing an SOA template under budget or timeline constraints?

Prefer templates that directly map controls to the risk assessment, include fields for applicability and justification of exclusions, provide an implementation-status scale, and offer domain-level evaluation to speed audits and reporting; look specifically for an implementation-status scale and domain assessment capability.

I need to prepare an SOA for certification—what steps should I follow?

Start from your risk assessment/risk treatment output, select applicable controls (ISO 27001 Annex A or custom controls), document how each control will manifest via policies/procedures, justify exclusions, and record Implemented and Implementation Status. Flevy’s ISO 27001/2-2022 Version - Statement of Applicability provides a template to capture these items with Applicable, Implemented, and Implementation Status fields.

How do sector-specific schemes affect the controls I include in an SOA?

Sector-specific schemes can stipulate additional mandatory controls beyond ISO 27001 Annex A; your SOA should incorporate any required sector-specific controls and document them alongside Annex A controls so they appear in the SOA as additional mandatory controls where applicable.

Source: Best Practices in ISO 27001, ISO 27002 Excel: ISO 27001/2-2022 Version - Statement of Applicability Excel (XLSX) Spreadsheet, John Kyriazoglou

$100.00

Add to Cart
  

ABOUT THE AUTHOR

Additional documents from author: 31

John Kyriazoglou obtained a certificate in computer programming and data processing from a technical college, in Hamilton, Canada, a (Hon.) in Computer Science and with a minor in Economics from the University of Toronto, Canada, also earning a Scholastic award for Academic Excellence in Computer Science. John has worked in Canada, Europe (England, Switzerland, Luxembourg, Greece, etc.) and the ... [read more]

Ask the Author a Question

You must be logged in to contact the author.

Click here to log in Click here register

Did you know?
The average daily rate of a McKinsey consultant is $6,625 (not including expenses). The average price of a Flevy document is $65.



Trusted by over 10,000+ Client Organizations
Since 2012, we have provided business templates to over 10,000 businesses and organizations of all sizes, from startups and small businesses to the Fortune 100, in over 130 countries.
AT&T GE Cisco Intel IBM Coke Dell Toyota HP Nike Samsung Microsoft Astrazeneca JP Morgan KPMG Walgreens Walmart 3M Kaiser Oracle SAP Google E&Y Volvo Bosch Merck Fedex Shell Amgen Eli Lilly Roche AIG Abbott Amazon PwC T-Mobile Broadcom Bayer Pearson Titleist ConEd Pfizer NTT Data Schwab


Explore These Related Documents



Read Customer Testimonials

 
 "Flevy is our 'go to' resource for management material, at an affordable cost. The Flevy library is comprehensive and the content deep, and typically provides a great foundation for us to further develop and tailor our own service offer."

– Chris McCann, Founder at Resilient.World
 
 "I like your product. I'm frequently designing PowerPoint presentations for my company and your product has given me so many great ideas on the use of charts, layouts, tools, and frameworks. I really think the templates are a valuable asset to the job."

– Roberto Fuentes Martinez, Senior Executive Director at Technology Transformation Advisory
 
 "Flevy is now a part of my business routine. I visit Flevy at least 3 times each month.

Flevy has become my preferred learning source, because what it provides is practical, current, and useful in this era where the business world is being rewritten.

In today's environment where there are so "

– Omar Hernán Montes Parra, CEO at Quantum SFE
 
 "FlevyPro has been a brilliant resource for me, as an independent growth consultant, to access a vast knowledge bank of presentations to support my work with clients. In terms of RoI, the value I received from the very first presentation I downloaded paid for my subscription many times over! The "

– Roderick Cameron, Founding Partner at SGFE Ltd
 
 "As a young consulting firm, requests for input from clients vary and it's sometimes impossible to provide expert solutions across a broad spectrum of requirements. That was before I discovered Flevy.com.

Through subscription to this invaluable site of a plethora of topics that are key and crucial to consulting, I "

– Nishi Singh, Strategist and MD at NSP Consultants
 
 "[Flevy] produces some great work that has been/continues to be of immense help not only to myself, but as I seek to provide professional services to my clients, it gives me a large "tool box" of resources that are critical to provide them with the quality of service and outcomes they are expecting."

– Royston Knowles, Executive with 50+ Years of Board Level Experience
 
 "Flevy.com has proven to be an invaluable resource library to our Independent Management Consultancy, supporting and enabling us to better serve our enterprise clients.

The value derived from our [FlevyPro] subscription in terms of the business it has helped to gain far exceeds the investment made, making a subscription a no-brainer for any growing consultancy – or in-house strategy team."

– Dean Carlton, Chief Transformation Officer, Global Village Transformations Pty Ltd.
 
 "My FlevyPro subscription provides me with the most popular frameworks and decks in demand in today’s market. They not only augment my existing consulting and coaching offerings and delivery, but also keep me abreast of the latest trends, inspire new products and service offerings for my practice, and educate me "

– Bill Branson, Founder at Strategic Business Architects


Customers Also Bought These Documents


Customers Also Like These Documents

Explore Templates on Related Management Topics

ISO 27001 Templates
ISO 27002 Templates



Your Recently Viewed Documents
Download our FREE Digital Transformation Templates

Download our free compilation of 50+ Digital Transformation slides and templates. DX concepts covered include Digital Leadership, Digital Maturity, Digital Value Chain, Customer Experience, Customer Journey, RPA, etc.

OUR CORE OFFERINGS
Flevy Marketplace: Top 100 Templates
Strategy & Transformation
Digital Transformation
Operational Excellence
Organization & Change
Financial Models
Consulting Frameworks
PowerPoint Templates
FlevyPro (Subscription Service)
Streams
Flevy Consulting Network
PowerPoint Services

FREE Resources

About Flevy
Management Topics
Marcus (AI-Powered Consultant)
Partner Program
LinkedIn Influencer Marketing
FAQ / Terms / Privacy / Blog
Contact Us: support@flevy.com




CONNECT WITH US!
        		EXPLORE TEMPLATES & FRAMEWORKS: TOP 100 TRENDING TOPICS
Agentic AI Templates Agile Templates Analytics Templates Artificial Intelligence Templates BDP Templates Balanced Scorecard Templates Business Model Innovation Templates Business Plan Development Templates Business Plan Financial Model Templates Business Transformation Templates Change Management Templates Cloud Templates Competitive Advantage Templates Competitive Analysis Templates Continuous Improvement Templates Core Competencies Templates Corporate Culture Templates Cost Optimization Templates Cost Reduction Assessment Templates Crisis Management Templates Customer Experience Templates Customer Journey Mapping Templates Customer Relationship Management Templates Customer Value Proposition Templates Customer-centricity Templates

BROWSE BY FUNCTION
Strategy, Transformation, & Innovation
Digital Transformation
Operational Excellence and LSS
Organization, Change, & HR
Management Consulting 		Cyber Security Templates Data Governance Templates Data Privacy Templates Decision Making Templates Digital Transformation Templates Due Diligence Templates Effective Communication Templates Employee Engagement Templates Employee Training Templates Financial Management Templates GenAI Templates Governance Templates Growth Strategy Templates HR Strategy Templates Hoshin Kanri Templates Human-centered Design Templates ISO 27001 Templates Industry 4.0 Templates Industry Analysis Templates Information Technology Templates Innovation Management Templates Inventory Management Templates Kaizen Templates Key Success Factors Templates Leadership Templates

ADDITIONAL RESOURCES
Business Strategy Frameworks
Case Studies
Consulting Slide Examples
Consulting Training Guides
Financial Advising Services (FAS) 		Lean Management Templates Logistics Templates M&A (Mergers & Acquisitions) Templates Manufacturing Templates Market Research Templates Marketing Plan Development Templates Maturity Model Templates McKinsey Presentations Templates Meeting Facilitation/Management Templates Operational Excellence Templates Organizational Design Templates Performance Management Templates Pitch Deck Templates Post-merger Integration Templates Presentation Delivery Templates Pricing Strategy Templates Problem Solving Templates Process Improvement Templates Process Maps Templates Product Strategy Templates Project Management Templates Purpose Templates Quality Management Templates Real Estate Templates Requirements Gathering Templates


Free Resources
Lean Management
Lean Six Sigma Training Guides
LLM Info
McKinsey-Style Consulting Presentations 		Resource Management Templates Restructuring Templates Risk Management Templates Root Cause Analysis Templates SCOR Model Templates SWOT Analysis Templates Sales Strategy Templates Scenario Planning Templates Service Design Templates Six Sigma Project Templates Social Media Strategy Templates Strategic Analysis Templates Strategic Planning Templates Strategic Sourcing Templates Strategy Deployment & Execution Templates Strategy Development Templates Strategy Report Example Templates Supply Chain Management Templates Sustainability Templates Target Operating Model Templates Team Management Templates Valuation Templates Value Chain Analysis Templates Value Creation Templates Value Stream Mapping Templates


Product Strategy
Small Business Owner
Startup Resources
Value Innovation Strategy

© 2012-2026 Copyright. Flevy LLC. All Rights Reserved.