Check list and declaration of applicability – ISO 27001:2024
For the purposes of ISO 27001:2024 certification , the organization must necessarily document the Annex-A controls that have actually been applied and integrated into the processes.
For this reason, certification is subject both to compliance with ISO requirements (Context, leadership, planning, etc.) and to verification of the security controls applied.
During the audit phase, therefore, three documents present in the system kit are relevant:
FORM 610-B
Information Security Plan (Applicability Statements)
The document is also recognized as a DECLARATION OF APPLICABILITY because it reports all the controls provided for in Annex A and, corresponding to each one, documents how the control has been applied to the system and integrated into the processes.
CHECK LIST-01
Compliance with ISO 27001:2024 requirements
The check list lists all the regulatory requirements and allows any non-conformities to be detected and documented.
CHECK LIST-02
Application of security controls (Annex-A, ISO 27001:2024)
The check list divides the security controls by type (organisational, on people, physical and technological) and allows you to detect any non-conformities inherent to their correct application.
