Statement of applicability (SoA)

For ISMS according to ISO 27001, the statement of applicability (SoA) of the controls in Annex a of this standard is mandatory. In this section you have an overview of these measures, which are defined as controls.

Submit SoA

In the Statement of Applicability (SoA) section, you assess for each legal entity whether these controls are applicable within your ISMS organization. To do this, select the respective measure in the table and use the properties in the sidebar to make the necessary entries to explain the applicability:

Instructions:

  1. Define whether the measure is applicable via the Applicable property

  2. Provide an explanation in the property Statement on control implementation

    OR

    Navigate to the ISO measure, click More actions | Edit statement on measure implementation to provide an explanation.

  3. Link to documents that describe how this measure is implemented in your company

  4. Record the status of the implementation in the Status of implementation property

  5. If necessary, reference one or more tasks under Attached controls

    OR

    Navigate to the ISO measure and click More actions | Create ISMS task to create a new ISMS task.

See also: How to configure the general properties in a control is described under Risk controls.