
RM-10 Statement of Applicability

>Control Description

Management prepares a statement of applicability that includes control objectives, implemented controls, and business justification for excluded controls. Management aligns the statement of applicability with the results of the annual risk assessment.

Theme

Process

Type

Preventive

Policy/Standard

Risk Management Standard

>Implementation Guidance

1. Ensure that the statement of applicability (SOA) is approved by management and aligned with the outcomes of the annual risk assessment, so that it remains consistent and relevant.

>Testing Procedure

1. Inspect the organization's statement of applicability (SOA) and compare it with the results of the annual risk assessment.
2. Validate whether the statement of applicability is approved by management.

>Audit Artifacts

E-RM-17

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
