Items discussed include:
- The Statement of Applicability is required for ISO 27001 certification. It’s a statement that explains which Annex A security controls are — or aren’t — applicable to your organization’s Information Security Management System (ISMS).
You can update your current ISO 27001 Statement of Applicability (SoA) like this:
- Compare your current SoA against the new requirements; the new Standard includes charts showing how the existing and new controls correspond
- Identify the business owner for each risk area, rate each risk as high, medium or low, and then revise your Information Security Risk Treatment Plans accordingly
- Update your Risk Treatment Plans to keep you protected
- Keep your Risk Treatment Plans dynamic – threats never sleep!
On Our Next Episode
In the next episode of the ISO Review Podcast, Jim will discuss what you need to know about integrating ISO 27001 into an existing ISO 9001 QMS.