Secure Controls Framework
Download The SCF
ISO 27001

What is a Statement of Applicability (SoA) in ISO 27001?

Direct Answer

A Statement of Applicability (SoA) is a required ISO 27001 document listing all Annex A controls, stating whether each applies to the organization, and providing justification for inclusions and exclusions. The SoA is a primary document auditors review to assess control selection. Excluding a control requires justification based on risk assessment - not simply that the control is difficult to implement.

Keep Exploring

Relevant Resources

References

Authoritative Sources