Statements of Applicability

       
 

Define here the terminology you will use to describe the status of the controls (e.g. 1 = fully operational; 2 = in the process of being deployed; 3 = not yet deployed).

<<>>

To complete the SOA: in the "applicable" column, enter "Y" or "N" (or "Yes" or "No"). In the "status" column, give the status in accordance with the above scheme. In the "rationale" column, explain why the control is not applicable or, if it is applicable, reference at least one policy statement or event. In the "summary of control" column, summarise the control, perhaps with a link to a documented procedure, or state "N/A" if the control is not applicable (N or No in the applicable column).

Annex A Control | Applicable | Status | Rationale | Summary of Control
A.5 Security policy
A.5.1 Information security policy
A.5.1.1 Information security policy document | <<>> | <<>> | ES1.1a | <<>>
A.5.1.2 Review of the information security policy | <<>> | <<>> | ES1.1a, ES1.1b | <<>>
A.6 Organising security
A.6.1 Internal organisation
A.6.1.1 Management commitment to information security | <<>> | <<>> | ES1.1b | <<>>
A.15.3 Information systems audit considerations
A.15.3.1 Information system audit controls | <<>> | <<>> | ES1.5a | <<>>
A.15.3.2 Protection of system audit tools | <<>> | <<>> | ES1.5b | <<>>

 

IMS-Smart produced by Gamma Secure Systems Limited. Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001:2000 registered company, certified for the provision of information security consultancy. BSI certificate numbers IS 85916 and FS 30710. Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK. Tel: +44 1276 702500 - Fax: +44 1276 692903. Use of IMS-Smart is governed by a EULA. Template reference 026-080213-01-080213, copyright © Gamma Secure Systems Limited, 2007-8.
 
Page last updated: 17 March, 2008