{"id":2836,"date":"2019-05-30T11:06:52","date_gmt":"2019-05-30T11:06:52","guid":{"rendered":"https:\/\/www.imsm.com\/tz\/gb\/?p=2836"},"modified":"2023-11-15T13:18:56","modified_gmt":"2023-11-15T13:18:56","slug":"what-is-the-statement-of-applicability-for-iso-27001","status":"publish","type":"post","link":"https:\/\/www.imsm.com\/tz\/news\/what-is-the-statement-of-applicability-for-iso-27001\/","title":{"rendered":"What is the statement of applicability for ISO 27001?"},"content":{"rendered":"

When researching what you need for the ISO 27001<\/a> certification, you may have stumbled upon the term \u2018statement of applicability\u2019.<\/p>\n

Confused? Don\u2019t worry. We\u2019ve done the hard work for you – here\u2019s what the ISO 27001<\/a> statement of applicability is and why it\u2019s important.<\/p>\n

What is the statement of applicability for ISO 27001?<\/h2>\n

The statement of applicability is part of the risk assessment and Information Security Management System (ISMS) component of ISO\/IEC 27001<\/a>. It\u2019s a framework of policies surrounding the legality, physicality, and technicality of your cyber security systems.<\/p>\n

Completion of the statement of applicability (SoA) is a requirement of the ISO\/IEC: a document you must develop, prepare and submit as part of your steps toward best practice regarding your data management systems.<\/p>\n

What controls must you implement in the statement of applicability for ISO 27001?<\/h3>\n

There are no exact rules for developing your SoA as ISO 27001<\/a> recognises that details of cyber security are unique to your business\u2019 requirements. However you must include:<\/p>\n