Statement of Applicability (ISO 27001)

Organisation and scope

Organisation name *

Effective date *

ISMS owner *

ISMS scope *The boundaries of the information security management system

Control themes (ISO/IEC 27002:2022)

Organizational controls (A.5, 37 controls) *

People controls (A.6, 8 controls) *

Physical controls (A.7, 14 controls) *

Technological controls (A.8, 34 controls) *

Exclusions and approval

Excluded controlsOne per line: control | reason for exclusion (for example A.7.4 Physical monitoring | fully remote, no office)

Approved by *

Approval date *

Please fill all required fields to generate.

📋

Template verified May 2026 — checked against applicable central Acts and current state rules. Legal requirements can change; for property transactions above ₹5 lakh, employment disputes, or business agreements above ₹10 lakh, consider a lawyer's review before signing. Run Lekha Audit on any document you receive →

Attachments

Upload your company letterhead, logo, or supporting documents. These will be used in PDF generation and AI audit.

Click or drag files here

Letterhead (PNG/JPG), Logo, PDFs — max 5 MB each

Live preview

8 gaps remaining.

STATEMENT OF APPLICABILITY

Effective Date
ISMS Owner
Themes applicable: 4 of 4

1. ISMS scope

operates an ISMS owned by . Scope: .

2. Control themes

Applicability of the ISO/IEC 27002:2022 control themes:

Theme	Controls	Applicability
A.5 Organizational	37	Applicable
A.6 People	8	Applicable
A.7 Physical	14	Applicable
A.8 Technological	34	Applicable

3. Exclusions

The following controls are excluded with justification:

Control	Reason for exclusion
__GAP[exclusions	Excluded controls]__

4. Approval

Approved by on [date].

Approved by

ISMS Owner