Which of the actions presented in scenario 4 is NOT compliant with the requirements of ISO/IEC 27001?
The answer here is B. The statement of applicability, or SoA, contains all necessary controls and, for each: justification for inclusion; whether the controls are implemented or not; justification for exclusion. Development of the SoA is part of the risk treatment process. As per ISO 27005, after it has prioritised the risk for risk treatment, the organisation determines the controls and develops the SoA, then the risk plan. See PECB day 2, page 139.