Annexes

Annex A: Statement of Applicability (SoA) Template

Purpose:

Provide a comprehensive record of all implemented controls under ISO 27001, including any exclusions with justification.

Contents:

Control Reference:
List of all applicable controls (e.g. A.9, A.12, A.16, A.18).
Implementation Status:
Details of whether each control is implemented, partially implemented or excluded.
Justification for Exclusions:
Provide clear, documented rationale for any controls not implemented.
Review Cycle:
Date of last review and planned update schedule.

Annex B: Risk Assessment and Treatment Reports Template

Purpose:

Detail the methodology, findings and treatment measures derived from the risk assessment process.

Contents:

Risk Identification Process:
Description of methods and tools used to identify and prioritise risks.
Risk Register:
Table or matrix listing identified risks, including probability, impact and risk rating.
Control Measures:
Detailed listing of existing and planned controls for each identified risk.
Action Plan:
Specific timelines, responsibilities and milestones for risk treatment and mitigation.
Review and Update Protocol:
Schedule for regular reassessment and documentation of changes.

Annex C: Incident Response Plan Summary Template

Purpose:

Summarise the processes and protocols in place for responding to information security incidents.

Contents:

Incident Detection:
Methods and tools for identifying security incidents (e.g. SOC monitoring, automated alerts).
Response Procedures:
Step-by-step actions to be taken during an incident, including escalation pathways and the role of the Crisis Management Team.
Recovery Process:
Procedures for data restoration and business continuity post-incident.
Reporting Requirements:
Internal and external notification protocols, including timelines and responsible parties.
Post-Incident Review:
Guidelines for documenting lessons learned and updating policies or controls.
Review Cycle:
Scheduled reviews of the incident response plan to ensure continued effectiveness.