Glossary
Term
Statement of Applicability
A document listing which ISO 27001 controls apply to an ISMS, and why.
The Statement of Applicability (SoA) is a required ISO 27001 artefact that documents which Annex A controls are in scope, which are excluded, and the justification for each decision.
Related
- ISO 27001
- Annex A