Our Statement of Applicability is one of the mandatory documents for ISO 27001. For each control, it should state whether the control is included in the process or not, the reason for this, and the person responsible. The organisation can specify the controls that are not used within its management system in the Statement of Applicability document.
This document is prepared based on all the control titles of Annex A within the ISO 27001 standard, and it should define how an organisation complies with the current controls or activities.
The organisation can use this document as the main source for risk assessment and risk treatment in their Information Security Management System (ISMS).
Any organisation that has implemented an Information Security Management System (ISMS) and needs to be ISO 27001 certified requires a documented Statement of Applicability to get certified.
The Statement of Applicability is a live document and should be reviewed on an ongoing basis and whenever something changes. You can easily review this document against current applications when necessary.
This document can be purchased individually or as part of a package. If you are implementing a management system based on one or more of the main ISO standards, then our management system packages might be more cost-effective.
Our standard management system packages cover a combination of ISO 9001, ISO 14001, ISO 27001 and ISO 45001. However, additional standards can easily be included if needed.