
Mastering Risk Assessment and the Statement of Applicability — downloads

Use this page to download PDF copies of the documented information examples referred to in “Mastering Risk Assessment and the SOA”, available on Amazon. Instructions for using these examples are given in the book.

These downloads provide examples of the documented information required by ISO/IEC 27001, Clauses 6.1.2, 6.1.3, 8.2 and 8.3:

  • Example EX.1: documented information about the risk assessment process (Clause 6.1.2)
  • Example EX.2: documented information about the risk treatment process (Clause 6.1.3)
  • Example EX.3: documented information about the risk assessment results (Clause 8.2)
  • Example EX.4: documented information about the risk treatment results (Clause 8.3).

The documented information for the risk treatment results is presented in three parts: an example risk treatment plan (organisations following the prescription given in this book will have twelve of these); an example summary showing all twelve results together; and two example extracts of an SOA.

The risk treatment plan example is itself presented in three parts: a template and two completed examples, one in list format and the other in story format.

Organisations may use these examples as given, treating them as forms to complete, since some sections require customisation to the organisation. Alternatively, organisations can use them as examples and as inspiration for their own layouts and content.