The Information Security Statement of Applicability (SoA) is a vital document for all businesses and forms part of the 27001 international standard for Information Security Management Systems.
This simple, clear and easy-to-use Information Security Statement of Applicability (SoA) outlines the specific controls a business has selected to implement to manage its information security risks.
The Information Security Statement of Applicability (SoA) outlines:
- An asset register, which includes:
  - Confidential assets; information that is not meant to be publicly available,
  - Availability assets; these must be available when needed, and
  - Integrity assets; these are assets that must be accurate and trustworthy.
- A statement of applicability, which includes:
  - Segregation of duties,
  - Management responsibilities,
  - Policies and procedures,
  - Threat intelligence,
  - Inventory of information, and much more.
The Information Security Statement of Applicability (SoA) is suitable for any industry and should be regularly reviewed and updated to reflect changes in a business's risk environment, processes and information security requirements.