Welcome to the CyberComply help centre!
Statement of Applicability

A Statement of Applicability (SoA) is a document that is required for certification to ISO 27001. The SoA must contain the following information:

  • A list of information security controls selected to mitigate risk.
  • Justifications for the inclusion of the selected controls.
  • Confirmation of whether the controls are fully implemented.
  • Justifications for excluding any of the ISO 27001 Annex A controls.

CyberComply can automatically generate the SoA from data that you have entered.

Creating an SoA with CyberComply

You can automatically generate an SoA for your organisation as follows:

  1. Click the Menu button, then under the Controls section, click ISO/IEC 27002:2022.
  2. Click Expand controls in the left-hand bar.
  3. You can see the list of controls for ISO 27001. These are the controls that need to be considered for ISO 27001 certification.
  4. Each of these controls has a status. The default is Not Considered, but they can also be Excluded/not applicable, Selected – Planned, or Selected – Implemented.
  5. For each control, click the current status (e.g., Not Considered) to make the buttons appear for the other statuses. Select the relevant status.
  6. For Excluded/not applicable, you will be invited to record a reason for exclusion. For both Selected – Planned and Selected – Implemented, you will be invited to record a reason for selection. If you choose Selected – Planned, you will be invited to create a task to begin the planning process.
  7. Click Save.
  8. Repeat steps 5 to 7 for all the displayed controls.
  9. When you have recorded your exclusion or selection of all the controls, click Reports at the top of the screen and select Statement of Applicability.
  10. CyberComply will generate your SoA. You can Publish the report or Print it using the relevant icons.
  11. If you want to save the report, print it as a .pdf file and save that.