replaced links and paths
This commit is contained in:
parent
2fbe163fff
commit
99203c6dc5
154 changed files with 542 additions and 542 deletions
|
|
@ -2,23 +2,23 @@
|
|||
|
||||
## PECB Lead Auditor Training
|
||||
|
||||
[[PECB 27001 LA S05 E01a - Context of the organization]]
|
||||
[PECB 27001 LA S05 E01a - Context of the organization](../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
||||
## Sparks
|
||||
[[The ISMS in its context]]
|
||||
[[Context analysis]]
|
||||
[The ISMS in its context](The%20ISMS%20in%20its%20context.md)
|
||||
[Context analysis](../../../📚️%20Literature%20notes/Context%20analysis.md)
|
||||
|
||||
## Mark I content
|
||||
[[ISO27DIY Video A.4 Context and Scope - Internal issues]]
|
||||
[ISO27DIY Video A.4 Context and Scope - Internal issues](../../../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.4%20Context%20and%20Scope%20-%20Internal%20issues.md)
|
||||
|
||||
[[ISO27DIY Video A.2 Context and Scope - Stakeholders]]
|
||||
[[ISO27DIY Video A.3 Context and Scope - Regulations and Contracts]]
|
||||
[ISO27DIY Video A.2 Context and Scope - Stakeholders](../../../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.2%20Context%20and%20Scope%20-%20Stakeholders.md)
|
||||
[ISO27DIY Video A.3 Context and Scope - Regulations and Contracts](../../../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.3%20Context%20and%20Scope%20-%20Regulations%20and%20Contracts.md)
|
||||
|
||||
## Standard
|
||||
[[ISO_27001_2022_4.1_MoC Understanding the organization and its context]]
|
||||
[[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties]]
|
||||
[[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system]]
|
||||
[[ISO_27001_2022_4.4_MoC Information security management system]]
|
||||
[ISO_27001_2022_4.1_MoC Understanding the organization and its context](../../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md)
|
||||
[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties](../../Corpus/Standards/MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md)
|
||||
[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system](../../Corpus/Standards/MoCs/ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md)
|
||||
[ISO_27001_2022_4.4_MoC Information security management system](../../Corpus/Standards/MoCs/ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md)
|
||||
|
||||
|
||||
## From the 'canvas'
|
||||
|
|
@ -27,12 +27,12 @@ Functiehuis (4.1)
|
|||
Organogram (4.1)
|
||||
Bedrijfsprocessen (4.1)
|
||||
SWOT (4.1)
|
||||
- [[SWOT Analyses template]]
|
||||
- [SWOT Analyses template](../../../🎇%20Sparks/SWOT%20Analyses%20template.md)
|
||||
DESTEP (4.2)
|
||||
Stakeholder analyse (4.2)
|
||||
Wet- en regelgeving (4.2, A5.31-A5.34)
|
||||
|
||||
## Further research
|
||||
- [ ] Assets?
|
||||
- [ ] Impactbepaling uit [[Dataclassificatie Humankind]]
|
||||
- [ ] Impactbepaling uit [Dataclassificatie Humankind](../../../🏭%20Clients/Humankind/Dataclassificatie%20Humankind.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ tags:
|
|||
---
|
||||
## About the Statement of Applicability
|
||||
|
||||
In essence, the Statement of Applicability shows the outcome of the risk treatment process ([[ISO_27001_2022_6.1.3_MoC Information security risk treatment|6.1.3a]]). It is usually presented as a table of Annex A controls, together with a short explanation for the selection *or* exclusion of each, and its implementation status.
|
||||
In essence, the Statement of Applicability shows the outcome of the risk treatment process ([6.1.3a](../../Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)). It is usually presented as a table of Annex A controls, together with a short explanation for the selection *or* exclusion of each, and its implementation status.
|
||||
|
||||
This follows directly from [[ISO_27001_2022_6.1.3_MoC Information security risk treatment|Clause 6.1.3d]], that demands that the Statement of Applicability contains:
|
||||
This follows directly from [Clause 6.1.3d](../../Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md), that demands that the Statement of Applicability contains:
|
||||
* the controls that are **necessary** to implement the chosen risk treatments, including the rationale for their selection
|
||||
* the **status** of their implementation *("whether the necessary controls are implemented or not")*
|
||||
* the reason for exclusion of any and all other controls from Annex A.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue