ISO 27001 Statement of Applicability Template: 2013 and 2022 Editions

4.5 out of 5 based on 2 customer ratings
(2 customer reviews)


ISO 27001 Statement of Applicability 2022 – ISO 27002 2022
ISO 27001 Statement of Applicability 2013 – ISO 27002 2022

ISO 27001 Annex A / ISO 27002 has been updated to ISO 27002 2022. This Statement of Applicability covers both the new and the old versions. At the current time companies are being assessed against the old version ISO 27002:2013. 

Prepare yourself for the changes, assess and implement the new controls.

Have backward compatibility with the old version for current certifications. 

✓ Fully supports ISO/IEC 27001:2022 and ISO/IEC 27002:2022
✓ Fully supports ISO/IEC 27001:2013 and ISO/IEC 27002:2013

Our 100% No-Risk Money Back Guarantee

ISO 27001 Statement of Applicability Template: 2013 and 2022 Editions

The ISO 27001 Statement of Applicability template includes both the 2013 and the 2022 versions.

For backward compatibility and as current certifications are assessing against the ISO 27002:2013 version we include the original control set.

In 2022 the control set was update to ISO 27002:2022 and we include the full 2022 version update.

You get both ISO 27001 Statement of Applicability Versions.

ISO 27001 Statement of Applicability Contents

The Statement of Applicability template meets the requirements of ISO 27001:2013, ISO 27002:2013, and ISO 27002:2022. It is a Microsoft Excel document set out as a table that lists all of the ISO 27002:2022 / ANNEX A controls. For both versions of the standard we record:

ISO 27002 Clause

The ISO 27002 / Annex A clause number

Control Objective

The title of the ISO 27002 / Annex A clause


The controls set control objectives. These are what are expected to be in place.


We record why the control is applicable to our business. This has been pre populated for you with the common reasons why controls apply.


This yes / no column records if a particular control is applicable to you. Not every control may be applicable. ISO 27002:2022 / SO 27002:2013 / Annex A is not a list of a mandatory controls to implement but you must consider them and provide a reason why they are not applicable if not.

Date Last Assessed

We must assess whether controls are applicable and evidence when we did the assessment so we record that date here

Why is this not applicable

For the controls that are not applicable or we are not going to implement we record our reason why.

The Statement of Applicability has appropriate ISO 27001 required document mark up for classification, version control, document owner and last reviewed.


Statement of Applicability Template Reviews

Statement Of Applicability Template Ready to Go

The ISO 27001 Statement Of Applicability template is the list of ISO 27002:2022 Annex A controls and control objectives that you are implementing in your organisation. It also includes the ISO 27002:2013 Statement of Applicability Controls for backward compatibility.

I am Stuart Barker and I have been in Governance, Risk and Compliance for over 20 years. I built this template to be part of the ISO 27001 Toolkit but it can be used standalone. It is a requirement of the standard and of ISO 27001 certification.

Once you have certified it is also one of the most requested documents to accompany your certificate. It answers the question that whilst you may be certified, what actual controls have you implemented.

If you need help and guidance I offer you up to 1 hour of my time for free. If the template doesn’t give you what you need, I will give you your money back.

Stuart Barker - Director at High Table 2

The complete list of controls

By downloading our template you will have the complete control list. You will be able to show customers that your company has implemented an effective information security management system (ISMS) based on best practice standards such as ISO/IEC 27001. By doing this, it demonstrates that your company takes its responsibilities seriously when it comes to protecting sensitive data from cyber threats and other risks.

This document will provide proof of what controls have been put in place by demonstrating which ones have been selected from the annexes available in the standard itself.

Quick Look

Statement of Applicability Template Quick Look

ISO 27001 Statement of Applicability Template 2013 Version Walkthrough

Meet the team behind the templates

Practitioners for over 20 years in Governance, Risk and Compliance. These are the tools we use day in day out.

High Table Hero Image

Customer reviews

Rated 4.5 out of 5 stars
2 reviews
3 stars 0
2 stars 0
1 star 0

2 reviews for ISO 27001 Statement of Applicability Template: 2013 and 2022 Editions

Add a review

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may also like…

Secure Payments

Powered by Stripe - black
Apple Pay at High Table
Visa at High Table
Mastercard at High Table
American Express at High Table

As Seen On

As see on at High Table
Shopping Cart