The Security Control Statement feature in AMSS allows you to prepare and complete the Statement of Applicability (SOA) based on ISO 27001:2022 Annex-A. This statement is a crucial component of your information security management system, outlining the applicability, justification, implementation method, responsibility, and implementation status of each security control. AMSS simplifies the process of preparing the Security Control Statement by pre-configuring the controls and providing guidance on their applicability and implementation. Click the action button to save and finalize the statement for each particular control. Repeat the process for the other controls listed in Annex-A to complete the entire statement.
To complete the Security Control Statement, follow these steps:
- Security Control: Each control is categorized based on its nature. In this case, we have selected "A.5.35 Independent review of information security" as the security control.
- SOA ID: The SOA ID is a unique identifier assigned to each control.
- Review Date: Specify the date when the review of this security control will take place.
- Applicability: Evaluate the applicability of the control to your organization. Provide a brief description of how it relates to your business operations and information security needs.
- Justification: Justify why this control is applicable to your organization. Explain the reasons behind its inclusion/exclusion and how it addresses your information security requirements.
- Implementation Method: Describe the method or approach you will use to implement this control. Outline the steps, processes, or tools that will be utilized to ensure its effective implementation.
- Responsibility: Assign the responsibility for implementing and maintaining this control. Specify the individual or department accountable for its execution and ongoing management.
- Implementation Status: Indicate the current status of the control's implementation. This helps track progress and identify areas that require attention or improvement.
- Attachment: If necessary, attach any relevant files or documentation related to this control. This can include policies, procedures, or supporting materials.
By providing accurate and comprehensive information for each field, you ensure a complete and well-documented Security Control Statement that aligns with ISO 27001:2022 requirements. This ensures compliance with ISO standards and facilitates effective information security management within your organization.