ISO 27001 Statement of Applicability


The Statement of Applicability is a foundational tool in ISO 27001 designed to streamline your organisation’s information security management. This essential resource provides a comprehensive overview of your organisation’s approach to information security controls, highlighting the Annex A controls identified as crucial for mitigating risks. By linking the results of your risk assessment to specific controls, the Statement of Applicability ensures that your ISMS is perfectly tailored to the unique needs and risks of your organisation.

Frequently asked questions

ISO 27001 is an ISO standard about information security, which you can use to build an Information Security Management System that will help you keep your information confidential, available, complete and accurate. If you’re new to ISO 27001 and management system standards, read our blog “What is an Information Security Management System (ISMS) and how does it relate to ISO 27001?”

Over the years our ISO consultants have developed a set of tools, templates and techniques to help our clients achieve ISO 27001 as quickly, hassle-free and economically as possible.

We’ve developed a process containing all the steps to achieving certification. The compliance checklist is one of those tools.

The certification process for ISO 27001 requires two audits to take place, 2-3 months apart. 

  • The first audit (Stage 1) verifies that the documentation you have put in place conforms to the standard to make sure all requirements are covered;  
  • The second audit (Stage 2) verifies that the controls are in place and working, policies and procedures are adhered to and ISMS activities are being tracked and implemented. 


Kevin T
This template was highly beneficial for our needs. It covers all necessary areas and is structured in a way that facilitated easy adaptation to our organization. While some customization was needed, overall, it provided an excellent starting point. I recommend it to anyone needing assistance with their ISO 27001 documentation.