Statement of Applicability


The following links provide documents that contain blank tables, which you can complete to compile a Statement of Applicability for ISO/IEC 27001 and ISO/IEC 27701.


Right-Click and select SAVE TARGET/LINK AS


The following link provides a Microsoft Word document that contains one blank table, which you can complete to compile a Statement of Applicability for the ISO/IEC 27001 Annex A controls.


ISO/IEC 27001:2013, Annex A


The following link provides a Microsoft Word document that contains three blank tables that you can complete to compile a Statement of Applicability for the following three sets of controls.


ISO/IEC 27001 Annex A
ISO/IEC 27701 Annex A for PII Controllers
ISO/IEC 27701 Annex B for PII Processors


ISO/IEC 27001:2013, Annex A and ISO/IEC 27701:2019, Annexes A and B


The tables all have a right hand column titled Notes on Implementation to record information for a detailed Statement of Applicability, primarily intended for internal use. Delete this column (on each of the tables), to create a (concise) Statement of Applicability, which conforms to the minimum requirements of ISO/IEC 27001, and to be referenced on your ISO/IEC 27001 certificate.


COMING SOON


Additional tables to augment a Statement of Applicability to cover the following controls of ISO 37001.


ISO 37001:2016 - 8.3 & A.11 (Financial Controls) and 8.4 & A.12 (Non-Financial Controls)

ISO 37001:2016 - A.6, A.8, A.9, 8.2 & A.10, 8.5 & A.13, 8.6 & A.14, 8.7 & A.15, 8.8, 8.9, 8.10 & A.18

ISO 37001:2016 - A.6, A.8, A.9, 8.2 & A.10, 8.3 & A.11, 8.4 & A.12, 8.5 & A.13, 8.6 & A.14, 8.7 & A.15, 8.8, 8.9, 8.10 & A.18