{"id":1747,"date":"2018-12-02T18:34:16","date_gmt":"2018-12-02T18:34:16","guid":{"rendered":"https:\/\/iso27001.solutions\/?p=1747"},"modified":"2019-03-11T18:02:17","modified_gmt":"2019-03-11T18:02:17","slug":"how-to-develop-a-statement-of-applicability-in-iso-27001","status":"publish","type":"post","link":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/","title":{"rendered":"How to develop a Statement of Applicability in ISO 27001"},"content":{"rendered":"<p><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling fusion-equal-height-columns\" style=\"--awb-background-position:left top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-text fusion-text-1\"><h2 style=\"text-align: center;\">What is the Statement of Applicability (SOA)?<\/h2>\n<p>The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your <a href=\"https:\/\/iso27001.solutions\/trends\/about-iso-27001-standard\/explanation-of-iso-27001\/\">ISO 27001 information security management system<\/a> (ISMS).<\/p>\n<p>The <strong>SoA<\/strong> is a crucial, mandatory report for ISO 27001 certification. It\u2019s also an essential report for the management and control of your ISMS.<\/p>\n<p>ISO\/IEC 27001:2013 states that, as part of the risk assessment process, organisations must produce an SoA that contains:<\/p>\n<ul>\n<li>The necessary controls<\/li>\n<li>Justifications for their inclusion<\/li>\n<li>Whether the necessary controls have been implemented or not<\/li>\n<li>Justifications for excluding any of the Annex A controls.<\/li>\n<\/ul>\n<p>ISO 27001 requires an <a href=\"https:\/\/iso27001.solutions\/\">ISMS<\/a> to take into account and document your organisation\u2019s legal, statutory, regulatory and contractual requirements for information security, and your approach to meeting them. The SoA will record the controls that you select to meet these requirements and whether they were implemented for reasons other than the risk assessment.<\/p>\n<\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"margin-left: auto;margin-right: auto;margin-top:30px;width:100%;\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-2 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-background-position:left top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:40px;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last fusion-column-no-min-height\" style=\"--awb-bg-size:cover;--awb-margin-top:2%;--awb-margin-bottom:3%;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-image-element fusion-image-align-center in-legacy-container\" style=\"text-align:center;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><div class=\"imageframe-align-center\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><a class=\"fusion-no-lightbox\" href=\"https:\/\/iso27001.solutions\/services\/isms-online-consultancy\/\" target=\"_blank\" aria-label=\"soa\" rel=\"noopener noreferrer\"><img decoding=\"async\" width=\"999\" height=\"700\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1.jpg\" alt class=\"img-responsive wp-image-1750\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1-200x140.jpg 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1-400x280.jpg 400w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1-600x420.jpg 600w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1-800x561.jpg 800w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-1.jpg 999w\" sizes=\"(max-width: 1000px) 100vw, 999px\" \/><\/a><\/span><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-3 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling fusion-equal-height-columns\" style=\"--awb-background-position:left top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:60px;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-column-content-centered\"><div class=\"fusion-column-content\"><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"margin-left: auto;margin-right: auto;margin-top:10px;width:100%;\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-2\"><h2 style=\"text-align: center;\">How to develop your Statement of Applicability ?<\/h2>\n<\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator\" style=\"margin-left: auto;margin-right: auto;margin-top:0px;margin-bottom:30px;width:100%;max-width:70px;\"><div class=\"fusion-separator-border sep-single sep-solid\" style=\"--awb-height:20px;--awb-amount:20px;--awb-sep-color:#213d65;border-color:#213d65;border-top-width:1px;\"><\/div><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-3\"><p>The process of developing the SoA can be mapped to <strong>five steps<\/strong>:<\/p>\n<p><strong>1 &#8211; Identify and analyse risks<\/strong><\/p>\n<p>You need to identify all the events that might compromise the confidentiality, integrity and\/or availability of an asset that is within the scope of your ISMS. You also need to analyse how the risk might occur, which usually requires you to identify a vulnerability in your asset and a threat that might exploit that vulnerability.<\/p>\n<p><strong>2 &#8211; Select controls to treat risks<\/strong><\/p>\n<p>As part of your risk assessment you will need to mitigate the risks to reduce them to an agreed, acceptable level.<\/p>\n<p>ISO 27001 suggests four ways to treat risks:<\/p>\n<ol>\n<li>retain (tolerate)<\/li>\n<li>avoid (terminate)<\/li>\n<li>share (transfer)<\/li>\n<li>modify (treat).<\/li>\n<\/ol>\n<p>Modifying the risk means that you will apply security controls to reduce the impact and\/or likelihood of that risk. These controls can be drawn from Annex A of ISO 27001, as well as those contained in other frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS) or NIST SP 800-53.<\/p>\n<p><strong>3 &#8211; Plan your risk treatment<\/strong><\/p>\n<p>The risk treatment plan (RTP) needs to be produced as part of a certified ISO 27001 ISMS. This provides a summary of each of the identified risks, the responses that have been determined for each risk, the risk owners and the target date for applying the risk treatment.<\/p>\n<p><a href=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan.jpg\"><img decoding=\"async\" class=\"alignnone wp-image-1752 size-full\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan.jpg\" alt=\"\" width=\"998\" height=\"701\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-200x140.jpg 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-300x211.jpg 300w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-400x281.jpg 400w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-600x421.jpg 600w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-768x539.jpg 768w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan-800x562.jpg 800w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/Risk-Treatment-Plan.jpg 998w\" sizes=\"(max-width: 998px) 100vw, 998px\" \/><\/a><\/p>\n<p><strong>4 &#8211; Implement controls<\/strong><\/p>\n<p>Your SoA should set out a list of all controls recommended by Annex A, together with a statement of whether the control has been applied or not, along with a justification for its inclusion or exclusion. Implementing your selected controls can be a time-consuming task, depending on the gap between your organisation\u2019s actual security level and your risk appetite.<\/p>\n<p><strong>5 &#8211; Maintain the SoA<\/strong><\/p>\n<p>ISO 27001 requires the organisation to continually review, update and improve the ISMS to make sure it is functioning effectively, and that it adjusts to the constantly changing threat environment.<\/p>\n<p>Clause 8.2 in ISO 27001 states that risk assessments should be performed at planned intervals or when significant changes occur.<\/p>\n<p>As part of this, you may find that your organisation reduces its risk appetite and plans to reduce the impact and likelihood of identified risks by identifying new controls. You will need to produce a new SoA each time your organisation carries out a risk assessment. However, the SoA should be maintained between risk assessments so that you have an accurate record of the controls you have selected and whether or not they have been implemented.<\/p>\n<\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"margin-left: auto;margin-right: auto;margin-top:10px;width:100%;\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-4\"><h2 style=\"text-align: center;\">Produce an SoA with our Tool<\/h2>\n<\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator\" style=\"margin-left: auto;margin-right: auto;margin-top:0px;margin-bottom:30px;width:100%;max-width:70px;\"><div class=\"fusion-separator-border sep-single sep-solid\" style=\"--awb-height:20px;--awb-amount:20px;--awb-sep-color:#213d65;border-color:#213d65;border-top-width:1px;\"><\/div><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-5\"><p>Fully aligned with ISO 27001, our Tool streamlines the information risk assessment process and helps you produce consistent, robust and reliable risk assessments year after year.<\/p>\n<p>It can generate six audit-ready reports, including the SoA and RTP. Export, edit and share these reports with ease across your organisation and with <a href=\"https:\/\/iso27001.solutions\/services\/isms-online-consultancy\/\">auditors<\/a>.<\/p>\n<p><span style=\"color: #99cc00;\"><strong>Find out more &gt;&gt;<\/strong><\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-4 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"margin-left: auto;margin-right: auto;margin-top:10px;width:100%;\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator\" style=\"margin-left: auto;margin-right: auto;margin-top:0px;margin-bottom:30px;width:100%;max-width:70px;\"><div class=\"fusion-separator-border sep-single sep-solid\" style=\"--awb-height:20px;--awb-amount:20px;--awb-sep-color:#213d65;border-color:#213d65;border-top-width:1px;\"><\/div><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-6\"><p>These Posts may also interest you :<\/p>\n<\/div><div class=\"fusion-recent-posts fusion-recent-posts-1 avada-container layout-default layout-columns-4 fusion-recent-posts-center\"><section class=\"fusion-columns columns fusion-columns-4 columns-4\"><article class=\"post fusion-column column col col-lg-3 col-md-3 col-sm-3\"><div class=\"fusion-flexslider fusion-flexslider-loading flexslider flexslider-hover-type-none\"><ul class=\"slides\"><li><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/designing-an-information-management-scheme\/\" aria-label=\"Designing an information management scheme\" class=\"hover-type-none\"><img decoding=\"async\" width=\"325\" height=\"325\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management.png\" class=\"attachment-recent-posts size-recent-posts\" alt=\"\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management-66x66.png 66w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management-150x150.png 150w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management-200x200.png 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management-300x300.png 300w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/lifecycle-management.png 325w\" sizes=\"(max-width: 325px) 100vw, 325px\" \/><\/a><\/li><\/ul><\/div><div class=\"recent-posts-content\"><span class=\"vcard\" style=\"display: none;\"><span class=\"fn\"><a href=\"https:\/\/ismsalliance.com\/author\/admin\/\" title=\"Posts by ISMS\" rel=\"author\">ISMS<\/a><\/span><\/span><h4 class=\"entry-title\"><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/designing-an-information-management-scheme\/\">Designing an information management scheme<\/a><\/h4><\/div><\/article><article class=\"post fusion-column column col col-lg-3 col-md-3 col-sm-3\"><div class=\"fusion-flexslider fusion-flexslider-loading flexslider flexslider-hover-type-none\"><ul class=\"slides\"><li><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-approach-security-measures-and-controls\/\" aria-label=\"How to approach security measures and controls\" class=\"hover-type-none\"><img decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures.jpeg\" class=\"attachment-recent-posts size-recent-posts\" alt=\"\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures-66x66.jpeg 66w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures-150x150.jpeg 150w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures-200x200.jpeg 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures-300x300.jpeg 300w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/security-measures.jpeg 400w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><\/a><\/li><\/ul><\/div><div class=\"recent-posts-content\"><span class=\"vcard\" style=\"display: none;\"><span class=\"fn\"><a href=\"https:\/\/ismsalliance.com\/author\/admin\/\" title=\"Posts by ISMS\" rel=\"author\">ISMS<\/a><\/span><\/span><h4 class=\"entry-title\"><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-approach-security-measures-and-controls\/\">How to approach security measures and controls<\/a><\/h4><\/div><\/article><article class=\"post fusion-column column col col-lg-3 col-md-3 col-sm-3\"><div class=\"fusion-flexslider fusion-flexslider-loading flexslider flexslider-hover-type-none\"><ul class=\"slides\"><li><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\" aria-label=\"How to develop a Statement of Applicability in ISO 27001\" class=\"hover-type-none\"><img decoding=\"async\" width=\"300\" height=\"214\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\" class=\"attachment-recent-posts size-recent-posts\" alt=\"\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa-200x143.jpg 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg 300w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/li><\/ul><\/div><div class=\"recent-posts-content\"><span class=\"vcard\" style=\"display: none;\"><span class=\"fn\"><a href=\"https:\/\/ismsalliance.com\/author\/admin\/\" title=\"Posts by ISMS\" rel=\"author\">ISMS<\/a><\/span><\/span><h4 class=\"entry-title\"><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\">How to develop a Statement of Applicability in ISO 27001<\/a><\/h4><\/div><\/article><article class=\"post fusion-column column col col-lg-3 col-md-3 col-sm-3\"><div class=\"fusion-flexslider fusion-flexslider-loading flexslider flexslider-hover-type-none\"><ul class=\"slides\"><li><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/information-security-risk-assessment-and-management\/\" aria-label=\"Information Security Risk Assessment and Management\" class=\"hover-type-none\"><img decoding=\"async\" width=\"407\" height=\"406\" src=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment.png\" class=\"attachment-recent-posts size-recent-posts\" alt=\"\" srcset=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment-66x66.png 66w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment-150x150.png 150w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment-200x200.png 200w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment-300x300.png 300w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment-400x399.png 400w, https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/02-riskassessment.png 407w\" sizes=\"(max-width: 407px) 100vw, 407px\" \/><\/a><\/li><\/ul><\/div><div class=\"recent-posts-content\"><span class=\"vcard\" style=\"display: none;\"><span class=\"fn\"><a href=\"https:\/\/ismsalliance.com\/author\/admin\/\" title=\"Posts by ISMS\" rel=\"author\">ISMS<\/a><\/span><\/span><h4 class=\"entry-title\"><a href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/information-security-risk-assessment-and-management\/\">Information Security Risk Assessment and Management<\/a><\/h4><\/div><\/article><\/section><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-5 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-background-position:left top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-bottom:100px;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last fusion-column-no-min-height\" style=\"--awb-bg-size:cover;--awb-margin-bottom:0px;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-sharing-box fusion-sharing-box-1 boxed-icons has-taglines layout-floated layout-medium-floated layout-small-floated\" style=\"background-color:#ffffff;--awb-layout:row;--awb-alignment-small:space-between;\" data-title=\"Information Security Risk Assessment and Management\" data-description=\"Why Risk Assessment is important ?\r\nIt is important to ensure that any corporate risk management strategy, risk management method and assessment methods are borne in mind when carrying out information security risk assessments.\r\n\r\nOrganisations wishing to achieve certification to ISO\/IEC 27001 should note that (as per clauses 8.2 and 8.2 of ISO\/IEC 27001)\" data-link=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/information-security-risk-assessment-and-management\/\"><h4 class=\"tagline\" style=\"color:#2d2d2d;\">Share This Article, Choose Your Platform!<\/h4><div class=\"fusion-social-networks sharingbox-shortcode-icon-wrapper sharingbox-shortcode-icon-wrapper-1 boxed-icons\"><span><a href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fismsalliance.com%2Ftrends%2Fiso-27001-isms-risk-management%2Finformation-security-risk-assessment-and-management%2F&amp;t=Information%20Security%20Risk%20Assessment%20and%20Management\" target=\"_blank\" rel=\"noreferrer\" title=\"Facebook\" aria-label=\"Facebook\" data-placement=\"top\" data-toggle=\"tooltip\" data-title=\"Facebook\"><i class=\"fusion-social-network-icon fusion-tooltip fusion-facebook awb-icon-facebook\" style=\"color:#999999;background-color:#f4f4f4;border-color:#f4f4f4;border-radius:50%;\" aria-hidden=\"true\"><\/i><\/a><\/span><span><a href=\"https:\/\/twitter.com\/share?text=Information%20Security%20Risk%20Assessment%20and%20Management&amp;url=https%3A%2F%2Fismsalliance.com%2Ftrends%2Fiso-27001-isms-risk-management%2Finformation-security-risk-assessment-and-management%2F\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"X\" aria-label=\"X\" data-placement=\"top\" data-toggle=\"tooltip\" data-title=\"X\"><i class=\"fusion-social-network-icon fusion-tooltip fusion-twitter awb-icon-twitter\" style=\"color:#999999;background-color:#f4f4f4;border-color:#f4f4f4;border-radius:50%;\" aria-hidden=\"true\"><\/i><\/a><\/span><span><a href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&amp;url=https%3A%2F%2Fismsalliance.com%2Ftrends%2Fiso-27001-isms-risk-management%2Finformation-security-risk-assessment-and-management%2F&amp;title=Information%20Security%20Risk%20Assessment%20and%20Management&amp;summary=Why%20Risk%20Assessment%20is%20important%20%3F%0D%0AIt%20is%20important%20to%20ensure%20that%20any%20corporate%20risk%20management%20strategy%2C%20risk%20management%20method%20and%20assessment%20methods%20are%20borne%20in%20mind%20when%20carrying%20out%20information%20security%20risk%20assessments.%0D%0A%0D%0AOrganisations%20wishing%20to%20achieve%20certification%20to%20ISO%2FIEC%2027001%20should%20note%20that%20%28as%20per%20clauses%208.2%20and%208.2%20of%20ISO%2FIEC%2027001%29\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"LinkedIn\" aria-label=\"LinkedIn\" data-placement=\"top\" data-toggle=\"tooltip\" data-title=\"LinkedIn\"><i class=\"fusion-social-network-icon fusion-tooltip fusion-linkedin awb-icon-linkedin\" style=\"color:#999999;background-color:#f4f4f4;border-color:#f4f4f4;border-radius:50%;\" aria-hidden=\"true\"><\/i><\/a><\/span><span><a href=\"https:\/\/pinterest.com\/pin\/create\/button\/?url=https%3A%2F%2Fismsalliance.com%2Ftrends%2Fiso-27001-isms-risk-management%2Finformation-security-risk-assessment-and-management%2F&amp;description=Why%20Risk%20Assessment%20is%20important%20%3F%0D%0AIt%20is%20important%20to%20ensure%20that%20any%20corporate%20risk%20management%20strategy%2C%20risk%20management%20method%20and%20assessment%20methods%20are%20borne%20in%20mind%20when%20carrying%20out%20information%20security%20risk%20assessments.%0D%0A%0D%0AOrganisations%20wishing%20to%20achieve%20certification%20to%20ISO%2FIEC%2027001%20should%20note%20that%20%28as%20per%20clauses%208.2%20and%208.2%20of%20ISO%2FIEC%2027001%29&amp;media=\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"Pinterest\" aria-label=\"Pinterest\" data-placement=\"top\" data-toggle=\"tooltip\" data-title=\"Pinterest\"><i class=\"fusion-social-network-icon fusion-tooltip fusion-pinterest awb-icon-pinterest\" style=\"color:#999999;background-color:#f4f4f4;border-color:#f4f4f4;border-radius:50%;\" aria-hidden=\"true\"><\/i><\/a><\/span><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-6 hundred-percent-fullwidth non-hundred-percent-height-scrolling fusion-equal-height-columns\" style=\"--awb-background-position:left top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:0px;--awb-padding-right:0px;--awb-padding-bottom:0px;--awb-padding-left:0px;--awb-background-color:#ffffff;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_1_2 1_2 fusion-one-half fusion-column-first fusion-column-inner-bg-wrapper fusion-column-liftup-border\" style=\"--awb-padding-top:16%;--awb-padding-right:16%;--awb-padding-bottom:9%;--awb-padding-left:16%;--awb-inner-bg-color:#f9f9f9;--awb-inner-bg-color-hover:#f9f9f9;--awb-inner-bg-size:cover;--awb-margin-bottom:0px;width:50%;width:calc(50% - ( ( 0px ) * 0.5 ) );margin-right: 0px;\"><span class=\"fusion-column-inner-bg hover-type-liftup\"><a class=\"fusion-column-anchor\" href=\"https:\/\/ismsalliance.com\/services\/isms-implementation\/\"><span class=\"fusion-column-inner-bg-image\"><\/span><\/a><\/span><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-column-content-centered\"><div class=\"fusion-column-content\"><div class=\"fusion-content-boxes content-boxes columns row fusion-columns-1 fusion-columns-total-1 fusion-content-boxes-1 content-boxes-icon-on-top content-left\" style=\"--awb-margin-bottom:20px;--awb-hover-accent-color:#5bdccd;--awb-circle-hover-accent-color:transparent;--awb-item-margin-bottom:40px;\" data-animationOffset=\"top-into-view\"><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-1 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-box link-type-button-bar icon-hover-animation-fade\" data-link=\"https:\/\/ismsalliance.com\/services\/isms-implementation\/\" data-link-target=\"_self\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><a class=\"heading-link\" href=\"https:\/\/ismsalliance.com\/services\/isms-implementation\/\" target=\"_self\"><div class=\"icon\"><i style=\"background-color:transparent;border-color:transparent;height:auto;width: 70px;line-height:normal;font-size:70px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-network-wired fas circle-no\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.1;\">ISO 27001 Toolkit<\/h2><\/a><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>The ISO27001 Toolkit is the best way to put an Information Security Management System (ISMS) in place quickly and effectively and achieve certification to the ISO27001 standard with much less effort than doing it all yourself. Our quality template documents and checklists come complete with 12 months of updates and support, helping you to get to ISO27001 certification fast.<\/p>\n<\/div><div class=\"fusion-clearfix\"><\/div><a class=\" fusion-read-more fusion-button-bar\" href=\"https:\/\/ismsalliance.com\/services\/isms-implementation\/\" target=\"_self\">Learn More<\/a><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_1_2 1_2 fusion-one-half fusion-column-last fusion-column-inner-bg-wrapper fusion-column-liftup-border\" style=\"--awb-padding-top:16%;--awb-padding-right:16%;--awb-padding-bottom:9%;--awb-padding-left:16%;--awb-inner-bg-color:#ffffff;--awb-inner-bg-color-hover:#ffffff;--awb-inner-bg-size:cover;--awb-margin-bottom:0px;width:50%;width:calc(50% - ( ( 0px ) * 0.5 ) );\"><span class=\"fusion-column-inner-bg hover-type-liftup\"><a class=\"fusion-column-anchor\" href=\"https:\/\/ismsalliance.com\/services\/isms-online-consultancy\/\"><span class=\"fusion-column-inner-bg-image\"><\/span><\/a><\/span><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-column-content-centered\"><div class=\"fusion-column-content\"><div class=\"fusion-content-boxes content-boxes columns row fusion-columns-1 fusion-columns-total-1 fusion-content-boxes-2 content-boxes-icon-on-top content-left\" style=\"--awb-margin-bottom:20px;--awb-hover-accent-color:#5bdccd;--awb-circle-hover-accent-color:transparent;--awb-item-margin-bottom:40px;\" data-animationOffset=\"top-into-view\"><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-1 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-box link-type-button-bar icon-hover-animation-fade\" data-link=\"https:\/\/ismsalliance.com\/services\/isms-online-consultancy\/\" data-link-target=\"_self\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><a class=\"heading-link\" href=\"https:\/\/ismsalliance.com\/services\/isms-online-consultancy\/\" target=\"_self\"><div class=\"icon\"><i style=\"background-color:transparent;border-color:transparent;height:auto;width: 70px;line-height:normal;font-size:70px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-file-signature fas circle-no\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.1;\">ISO 27001 ISMS Consultancy<\/h2><\/a><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>The ISO 27001 Online Consultancy Service will have you ready for accredited certification to ISO 27001:2013 in just a few months.<\/p>\n<p>You will be able to implement an ISMS (information security management system) and develop documentation that is suitably scaled to the size of your organisation.<\/p>\n<\/div><div class=\"fusion-clearfix\"><\/div><a class=\" fusion-read-more fusion-button-bar\" href=\"https:\/\/ismsalliance.com\/services\/isms-online-consultancy\/\" target=\"_self\">Learn More<\/a><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-bg-parallax\" data-bg-align=\"center center\" data-direction=\"up\" data-mute=\"false\" data-opacity=\"100\" data-velocity=\"-0.3\" data-mobile-enabled=\"false\" data-break_parents=\"0\" data-bg-image=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2017\/09\/credit_rating_advice_header_bg.jpg\" data-bg-repeat=\"false\" ><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-7 fusion-parallax-up nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:110px;--awb-padding-bottom:110px;--awb-background-image:url(&quot;https:\/\/ismsalliance.com\/wp-content\/uploads\/2017\/09\/credit_rating_advice_header_bg.jpg&quot;);--awb-background-size:cover;--awb-border-sizes-top:0px;--awb-border-sizes-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-7 fusion_builder_column_1_6 1_6 fusion-one-sixth fusion-column-first fusion-no-small-visibility\" style=\"--awb-bg-size:cover;width:13.3333%; margin-right: 4%;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-8 fusion_builder_column_2_3 2_3 fusion-two-third\" style=\"--awb-bg-size:cover;--awb-margin-top:3%;--awb-margin-bottom:3%;width:65.3333%; margin-right: 4%;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-text fusion-text-7\"><h2 style=\"text-align: center; font-size: 72px; color: #ffffff;\">Ready to talk?<\/h2>\n<\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"margin-left: auto;margin-right: auto;margin-top:20px;width:100%;\"><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-aligncenter\"><a class=\"fusion-button button-flat fusion-button-default-size button-default fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" target=\"_self\" href=\"https:\/\/ismsalliance.com\/contact\/\"><span class=\"fusion-button-text\">Let&#8217;s Talk<\/span><\/a><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-9 fusion_builder_column_1_6 1_6 fusion-one-sixth fusion-column-last fusion-no-small-visibility\" style=\"--awb-bg-size:cover;width:13.3333%;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system (ISMS).<\/p>\n","protected":false},"author":1,"featured_media":1749,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[384],"tags":[28,14,525,526,531,532],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.1 (Yoast SEO v22.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to develop a Statement of Applicability in ISO 27001<\/title>\n<meta name=\"description\" content=\"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to develop a Statement of Applicability in ISO 27001\" \/>\n<meta property=\"og:description\" content=\"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\" \/>\n<meta property=\"og:site_name\" content=\"ISMS ALLIANCE\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-02T18:34:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-03-11T18:02:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ISMS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ISMS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\"},\"author\":{\"name\":\"ISMS\",\"@id\":\"https:\/\/ismsalliance.com\/#\/schema\/person\/b17545d0617cdf0a43fa8625d1615fff\"},\"headline\":\"How to develop a Statement of Applicability in ISO 27001\",\"datePublished\":\"2018-12-02T18:34:16+00:00\",\"dateModified\":\"2019-03-11T18:02:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\"},\"wordCount\":3146,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/ismsalliance.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\",\"keywords\":[\"isms\",\"iso 27001\",\"risk assessment\",\"risk management\",\"SOA\",\"Statement of applicability\"],\"articleSection\":[\"ISO 27001 \/ ISMS Risk Management\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\",\"url\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\",\"name\":\"How to develop a Statement of Applicability in ISO 27001\",\"isPartOf\":{\"@id\":\"https:\/\/ismsalliance.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\",\"datePublished\":\"2018-12-02T18:34:16+00:00\",\"dateModified\":\"2019-03-11T18:02:17+00:00\",\"description\":\"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.\",\"breadcrumb\":{\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage\",\"url\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\",\"contentUrl\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg\",\"width\":300,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/ismsalliance.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to develop a Statement of Applicability in ISO 27001\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ismsalliance.com\/#website\",\"url\":\"https:\/\/ismsalliance.com\/\",\"name\":\"ISMS ALLIANCE\",\"description\":\"Manage your ISMS online\",\"publisher\":{\"@id\":\"https:\/\/ismsalliance.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ismsalliance.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/ismsalliance.com\/#organization\",\"name\":\"ISMS ALLIANCE\",\"url\":\"https:\/\/ismsalliance.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/ismsalliance.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/11\/iso-iec-27001-2013-1.png\",\"contentUrl\":\"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/11\/iso-iec-27001-2013-1.png\",\"width\":148,\"height\":136,\"caption\":\"ISMS ALLIANCE\"},\"image\":{\"@id\":\"https:\/\/ismsalliance.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/ismsalliance.com\/#\/schema\/person\/b17545d0617cdf0a43fa8625d1615fff\",\"name\":\"ISMS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/ismsalliance.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/75aebb64730453ef538620269a476c4e?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/75aebb64730453ef538620269a476c4e?s=96&d=retro&r=g\",\"caption\":\"ISMS\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to develop a Statement of Applicability in ISO 27001","description":"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/","og_locale":"en_GB","og_type":"article","og_title":"How to develop a Statement of Applicability in ISO 27001","og_description":"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.","og_url":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/","og_site_name":"ISMS ALLIANCE","article_published_time":"2018-12-02T18:34:16+00:00","article_modified_time":"2019-03-11T18:02:17+00:00","og_image":[{"width":300,"height":214,"url":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg","type":"image\/jpeg"}],"author":"ISMS","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ISMS","Estimated reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#article","isPartOf":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/"},"author":{"name":"ISMS","@id":"https:\/\/ismsalliance.com\/#\/schema\/person\/b17545d0617cdf0a43fa8625d1615fff"},"headline":"How to develop a Statement of Applicability in ISO 27001","datePublished":"2018-12-02T18:34:16+00:00","dateModified":"2019-03-11T18:02:17+00:00","mainEntityOfPage":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/"},"wordCount":3146,"commentCount":0,"publisher":{"@id":"https:\/\/ismsalliance.com\/#organization"},"image":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage"},"thumbnailUrl":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg","keywords":["isms","iso 27001","risk assessment","risk management","SOA","Statement of applicability"],"articleSection":["ISO 27001 \/ ISMS Risk Management"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/","url":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/","name":"How to develop a Statement of Applicability in ISO 27001","isPartOf":{"@id":"https:\/\/ismsalliance.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage"},"image":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage"},"thumbnailUrl":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg","datePublished":"2018-12-02T18:34:16+00:00","dateModified":"2019-03-11T18:02:17+00:00","description":"The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system.","breadcrumb":{"@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#primaryimage","url":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg","contentUrl":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/12\/soa.jpg","width":300,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/ismsalliance.com\/trends\/iso-27001-isms-risk-management\/how-to-develop-a-statement-of-applicability-in-iso-27001\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/ismsalliance.com\/"},{"@type":"ListItem","position":2,"name":"How to develop a Statement of Applicability in ISO 27001"}]},{"@type":"WebSite","@id":"https:\/\/ismsalliance.com\/#website","url":"https:\/\/ismsalliance.com\/","name":"ISMS ALLIANCE","description":"Manage your ISMS online","publisher":{"@id":"https:\/\/ismsalliance.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ismsalliance.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/ismsalliance.com\/#organization","name":"ISMS ALLIANCE","url":"https:\/\/ismsalliance.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ismsalliance.com\/#\/schema\/logo\/image\/","url":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/11\/iso-iec-27001-2013-1.png","contentUrl":"https:\/\/ismsalliance.com\/wp-content\/uploads\/2018\/11\/iso-iec-27001-2013-1.png","width":148,"height":136,"caption":"ISMS ALLIANCE"},"image":{"@id":"https:\/\/ismsalliance.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/ismsalliance.com\/#\/schema\/person\/b17545d0617cdf0a43fa8625d1615fff","name":"ISMS","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ismsalliance.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/75aebb64730453ef538620269a476c4e?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/75aebb64730453ef538620269a476c4e?s=96&d=retro&r=g","caption":"ISMS"}}]}},"_links":{"self":[{"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/posts\/1747"}],"collection":[{"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/comments?post=1747"}],"version-history":[{"count":0,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/posts\/1747\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/media\/1749"}],"wp:attachment":[{"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/media?parent=1747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/categories?post=1747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ismsalliance.com\/wp-json\/wp\/v2\/tags?post=1747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}