STATEMENT OF APPLICABILITY AS A KEY ELEMENT OF THE GIS CERTIFICATION PROCESS IN THE LIGHT OF CYBERSECURITY STANDARDS

Abstract

The Statement of Applicability (SoA) is a mandatory document ISMS that you need to develop, prepare, and submit with your ISO 27001, and it is crucial in obtaining your ISO 27001 Risk Assessment and ISMS certification. According to ISO/IEC 27001, Information Security Management System is a collection of ‘that part of the general management system, based on the approach to business risk, to establish, implement, operate, monitor, review, maintain and improve information security. ISO/IEC 27001 specifies the requirements and implementation process for the Information Security Management System. However, implementing this standard without a good SoA document may prove impossible. The article presents a system model for the construction of SoA for ISMS and its certification following the ISO 27001 standard. This model aims to provide instruments for designing and generating an SoA document in relation to ISMS, covering all information processes in GIS. This model allows organizations to evaluate their current state of GIS information asset security implementation according to the best practices defined in ISO/IEC 27001. The proprietary model proposed in this article is assessed from a multi-stage perspective, which confirms that the proposed draft Statement of Use document makes a valuable and innovative contribution to information security management by considering the best practices in this field.