ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While aligning its information security program to ISO/IEC 27001, a security team must provide auditors with a document that lists every Annex A control, indicates whether each one is applied, and justifies any exclusions. Which required ISO/IEC 27001 artifact fulfills this purpose?
ISO/IEC 27001 clause 6.1.3 d) makes the Statement of Applicability mandatory. The SoA enumerates all Annex A controls, states whether each control is implemented, and records the justification for inclusion or exclusion, as well as references to how applicable controls are implemented. A risk treatment plan details actions and resources for selected controls but does not list or justify every Annex A control. An information security policy sets overarching direction and intent but lacks the comprehensive control mapping. A generic control implementation summary is not a formally required document in ISO/IEC 27001.
Security and Privacy Governance, Risk Management, and Compliance Program