ISO 27001 Statement of Applicability Template



The ISO 27001 Statement of Applicability has changed and, yes, this template includes those changes.

Because we are so generous, we are giving you both versions of the Statement of Applicability and saving you a couple of days' work.

You could write it yourself if you know what you are doing and have time on your hands, but at this crazy price you would be insane not to download it and get on with your day.

If I got that time back, man the things I could do.

Most likely I would end up down a rabbit hole researching this non-existent iMac Pro, but the fact it would give me infinite possibility is worth the money alone.

Get both the 

  • ISO 27001 Statement of Applicability 2022 – ISO 27002 2022
  • and ISO 27001 Statement of Applicability 2013 – ISO 27002 2013

Prepare yourself for the changes, assess and implement the new controls.

Have backward compatibility with the old version for current certifications. 

✓ Fully supports ISO/IEC 27002:2013 and ISO/IEC 27002:2022
✓ Fully supports ISO/IEC 27001:2013 


    Statement of Applicability Template

    ISO 27001 Annex A has changed. The list of controls has changed. OK, technically it is called ISO 27002 and is the control set you need to deploy, but whatever name you know it by, it has changed.

    You could try and work out what exactly has changed and write your own Statement of Applicability. A great option if you know what you are doing and have a lot of time on your hands. Or you could save yourself days of your life and for less than £50 download this template that gives you both versions.

    How long does it take you to earn £50? You probably earn that taking your daily constitutional on work time.

    Look, whether you are going for your current certification or preparing for the new certification changes, this template has you covered.

    Go take a dump, earn that £50 and download the template. We both win. Except you win twice.

    ISO 27001 Statement of Applicability Contents

    The Statement of Applicability template meets the requirements of ISO 27001:2013, ISO 27002:2013, and ISO 27002:2022. It is a Microsoft Excel document set out as a table that lists all of the ISO 27002:2022 / Annex A controls. For both versions of the standard we record:

    ISO 27002 Clause

    The ISO 27002 / Annex A clause number

    Control Objective

    The title of the ISO 27002 / Annex A clause


    The controls set control objectives. These are what are expected to be in place.


    We record why the control is applicable to our business. This has been pre populated for you with the common reasons why controls apply.


    This yes / no column records whether a particular control is applicable to you. Not every control may be applicable. ISO 27002:2022 / ISO 27002:2013 / Annex A is not a list of mandatory controls to implement, but you must consider each control and, where one is not applicable, provide a reason why.

    Date Last Assessed

    We must assess whether controls are applicable and evidence when we did the assessment, so we record that date here.

    Why is this not applicable

    For the controls that are not applicable, or that we are not going to implement, we record our reason why.

    The Statement of Applicability has appropriate ISO 27001 required document mark up for classification, version control, document owner and last reviewed.

    Statement of Applicability 2022 Example

Statement of Applicability - ISO 27002 2022

    Statement of Applicability 2013 Example

    Statement of Applicability Template Page 2

    ISO 27001 Clause 6.1.3 Template

    Why do you need it for ISO 27001? Because ISO 27001 Clause 6.1.3 says:

    d) produce a Statement of Applicability that contains the necessary controls and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A;

    By downloading our template you will have the complete control list. You will be able to show customers that your company has implemented an effective information security management system (ISMS) based on best practice standard ISO/IEC 27001. Doing this demonstrates that your company takes its responsibilities seriously when it comes to protecting sensitive data from cyber threats and other risks. This document will provide proof of what controls have been put in place by demonstrating which ones have been selected from the annexes available in the standard itself.

    Our Happy Clients!

    “Clear, concise and complete fit for purpose.”

    James McKinlay

    Group Information Security Manager

    “Comprehensive, well written. Stuart is very helpful and professional.”

    Alice Del Bianco

    Finance Director

    “Easy to use and understand. The value should not be underestimated.”

    Matt Anslow

    Data Protection Consultant

    Statement of applicability FAQ

    What version of the standards does this support?

    The Statement of Applicability fully supports ISO/IEC 27001:2013 and ISO/IEC 27002:2013 and ISO/IEC 27002:2022.

    What format is the Statement of Applicability Template in?

    The Statement of Applicability is in Microsoft Word format.

    How quickly will I get the Statement of Applicability? What is the turnaround?

    You get the Statement of Applicability immediately on successful payment.

    Will the Statement of Applicability Template work in America / Australia / Europe / UK …. other?

    Yes. The Statement of Applicability Template supports the International Standard for Information Security. It is being used successfully right now across the globe.

    How long will it take me to implement the Statement of Applicability Template?

    We estimate that on average about 15 minutes.

    Is High Table ISO 27001 certified?

    Yes. We are UKAS ISO 27001 certified. Our certificate is on the website. We are also Cyber Essentials certified.

    How secure are the payments? Do you handle my card details?

    Payments are handled entirely through Stripe. They are very secure. We do not handle, touch or get access to the payment transaction or your data.

    What is the Statement of Applicability?

    The Statement of Applicability is the list of information security controls that your business has implemented. It includes a list of the controls that you have considered but have deemed not applicable. It is a fundamental document of ISO 27001 certification and of the information security management system.

    Why do I need the Statement of Applicability?

    You need the Statement of Applicability as part of your ISO 27001 certification as it is a mandatory document. It may also be requested by your clients and your customers. Without the Statement of Applicability you will not be able to evidence the controls that you have implemented and you will not certify to ISO 27001.

    Why are there 2 versions of the Statement of Applicability?

    The Statement of Applicability is the list of information security controls contained within ISO 27002. ISO 27002 is an annex to ISO 27001 and a requirement of ISO 27001. That list of controls changed in 2022. Before going for certification, check with your certification body to agree which version of the controls you will be assessed against. You have both versions in the template to cover both scenarios and to allow for future planning.
