The dreaded Statement of Applicability
Notice Bored
JUNE 5, 2022
The organisation cannot adopt a generic suite of information security controls simply on the basis that they have been recommended or suggested by someone - not even if they are noted in Annex A. Justification for including a control is its effect on modifying information security risk. Subclause 6.1.3 Subclause 6.1.3
Let's personalize your content