The Statement of Applicability (SoA) provides an at-a-glance view of the applicability of all activities within a project.
By default, the SoA is enabled in the ISO 27001 Policies and Controls project. If you want to use it in a different project, you can set it up by following the steps below.
For more detail on working with the SoA, see our guide: Using the Statement of Applicability.
Enabling the Statement of Applicability for a Project
You can enable the SoA for any project, but the project’s Category must be set to ISO 27001.
Note: The ISO 27001 category includes specific functionality for this standard. Once saved, the category cannot be changed.
When Creating a New Project
- Go to the Create New Project page.
- Use a framework, clone an existing project, or start from scratch.
- Change the Project Category to ISO 27001.
- Complete the rest of the project setup process.
For an Existing Project
- Open the project and click Settings.
- Change the Category to ISO 27001.
- Click Save and confirm you are happy with the change (this action cannot be reversed).
If your project is already of type ISO 27001 and you want to disable the SoA, you can do this from the project’s Settings page.
Making an Activity Visible in the SoA
To display an activity in the SoA and set its applicability, you need to update the activity.
You can do this in either of two ways:
- From the project structure: click Edit next to the activity.
- From within the activity: click its name to open it and update the details.
On the activity page, you can select the Applicability value.
Including Categories in Your Statement of Applicability
You can also choose to display categories in your SoA.
Categories are set within each project’s Settings page. When creating or editing categories, you’ll see an option to Include categories in Statement of Applicability.
If checked:
- These categories will be displayed in the SoA.
- They will also appear in any SoA exports.
For further assistance, contact us at support@isms.online or via the in-platform live chat.