The Statement of Applicability (SoA) is a key document in achieving ISO 27001 certification. It serves as the vital link between your organization's information security risk assessment and the security controls you have implemented within your Information Security Management System (ISMS).
What Does the SoA Include?
Lists every information security control in Annex A of ISO 27001, which provides recommended controls for various security objectives.
Applicability Assessment
For each control, the SoA specifies whether it is:
Implemented: Actively used to mitigate risks.
Excluded: Not implemented, with justification.
Justification & Explanation
Explains how and why controls were chosen and how they address risks effectively.
Why is the SoA Important?
The SoA demonstrates to ISO auditors that your organization has carefully tailored its security controls to match its specific risk profile and operational context, balancing robust protection with practical needs.
Need a Copy?
To request a copy of the Statement of Applicability, contact your Sales Contact or Customer Success Manager.