Statement of Applicability
The Statement of Applicability (SoA) is a core document of an organization's Information Security Management System (ISMS) and is required for ISO 27001 certification.
The SoA maps the organization's control set against the full list of Annex A controls and records, for every control, whether it is applicable and a justification for its inclusion or exclusion from the ISMS. It also records whether each included control has been implemented, which links the results of the risk assessment to the risk treatment plan.
Because it captures this mapping, the SoA is usually one of the first documents an auditor reviews during an ISO 27001 audit. It gives the auditor an overview of the organization's security posture: which controls it has adopted, which it has excluded and why, and which have been implemented and assessed over the period covered by the certification audit.