O'Reilly logo

Risk Assessment for Asset Owners by Steve Watkins, Alan Calder

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 11: STATEMENT OF APPLICABILITY AND RISK TREATMENT PLAN

The completion of the risk assessment and the risk treatment decisions must be documented. This produces two documents:

• Statement of Applicability, and

• Risk Treatment Plan.

The first lists all the controls listed in Annex A of ISO27001 and documents whether or not they have been applied within the ISMS, and also identifies any additional controls that have been applied. The second maps the selected treatments (and the measures by which they are to be implemented) to the specific risks they are intended to address and is, in effect, a control implementation plan.

The Statement of Applicability

As the controls are selected, the Statement of Applicability (‘SoA’) can start ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required