It is possible to thoroughly investigate the applicability for the organization of all 114 controls. In most of the cases this is superfluous and a waste of time and money. The Statement of Applicability is a mandatory document of an ISO 27001 implementation. It states which and why controls have been selected to reduce risk. It also motivates why certain controls have been skipped.
All our work is documented in a systematic manner. Each domain contains numerous subtopics. A catalogue will be created with present controls and/or planned/implemented countermeasures. Also a formal assignment of problem and data-owners will be part of this database.
If we strive to a minimum COBIT level of 3, then this subsequently means that all Information Security processes of the organization should be in place and that there is enough evidence to proof this. Omnisecure can assist you to realize this by implementing SHERLOCK WEB (http://www.sherlock.dk/en/). This specialized system is to become an effective and efficient manager of all processes in your organization. In order to accomplish this, all processes with their associated ISO 27001/002 controls are to be programmed into the system. Sherlock will see to it that all processes will be managed correctly, while being monitored and logged. Particularly proper logging is of key importance in relation to compliance and evidence. Data breaches or other incidents are still possible, even if all security measures are in place (It is still possible to get injured in an airbag equipped 5 star NCAP motor vehicle, because just being on the public road involves risk). Sherlock will be the information engine of your organization that controls the stream of documents and makes sure that management complies to the security-standard. Omnisecure will assist that Sherlock will comply with ISO 27001/27002 standard.