Cybersecurity Compliance: Information security management system - ISO 27001 – Statement of Applicability (SoA)
ISO 27001 is an international standard for information security management systems (ISMS), providing a framework for organizations to manage and protect their information assets securely.
The standard is designed to ensure the selection of adequate and proportionate security controls. This involves assessing the organization's information security risks, including the threats, vulnerabilities, and impacts, to design and implement identified information security controls.
An important part of the ISO 27001 standard is the Annex A, which provides a list of controls in that organizations can implement to mitigate information security risks. The applicability of these controls depends on the organization's specific risk environment, and decisions on which controls to implement should be documented in the Statement of Applicability (SoA).
ISO 27001 certification involves an independent audit performed by an accredited certification body to verify that the ISMS conforms to the requirements of the standard. Internetstiftelsen is accredited by Intertek.
You can find more information about Internetstiftelsen’s information security work on internetstiftelsen.se and download the issued Certificate and Statement of Applicability (SoA) on registry.se under Downloads.
