richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

replaced links and paths

Browse source
This commit is contained in:
Richard Kranendonk 2026-04-20 13:27:09 +02:00
parent 2fbe163fff
commit 99203c6dc5
154 changed files with 542 additions and 542 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Drafts and Ideas/ISMS/About the Statement of Applicability.md
View file

@ -5,9 +5,9 @@ tags:
---
## About the Statement of Applicability
In essence, the Statement of Applicability shows the outcome of the risk treatment process ([[ISO_27001_2022_6.1.3_MoC Information security risk treatment|6.1.3a]]). It is usually presented as a table of Annex A controls, together with a short explanation for the selection *or* exclusion of each, and its implementation status.
In essence, the Statement of Applicability shows the outcome of the risk treatment process ([6.1.3a](../../Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)). It is usually presented as a table of Annex A controls, together with a short explanation for the selection *or* exclusion of each, and its implementation status.
This follows directly from [[ISO_27001_2022_6.1.3_MoC Information security risk treatment|Clause 6.1.3d]], that demands that the Statement of Applicability contains:
This follows directly from [Clause 6.1.3d](../../Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md), that demands that the Statement of Applicability contains:
* the controls that are **necessary** to implement the chosen risk treatments, including the rationale for their selection
* the **status** of their implementation *("whether the necessary controls are implemented or not")*
* the reason for exclusion of any and all other controls from Annex A.