You can share this information with some people (for example auditors), but not with all the world. The main purpose of ISO 27001 is the protection of information, and the SoA can have important information about the business (information about business processes, references to documents, intranet links, etc.).

This article about the classification of information may be interesting for you: Information classification according to ISO 27001 :

And also this article about the importance of the SoA: The importance of Statement of Applicability for ISO 27001 :

Then, generally the SoA is not considered a public document, because it can have internal information about the business, and it is recommendable to consider this document as Internal use or Restricted (from my point of view this document is not confidential); this means that external people cannot access this document, although an exception can be an auditor.

ISO 27001 does not require the SoA to be a public document, so it is up to each company to consider whether it is confidential or not.

But our clients say this is confidential.

Our 27001 auditor says we have to share our Statement of Applicability, if requested.

AntonioS Tue, 23:37:49 GMT

We have received this question: