How to develop a Statement of Applicability according to ISO 27001

SoA - Statement of Applicability - ISO 27001

The Statement of Applicability (SoA) is a central, mandatory part of the ISO 27001 standard for Information Security Management Systems. Your SoA describes what controls are part of your ISMS.

In this guide you will learn:

  • why the Statement of Applicability is important
  • how to develop it
  • about some tools to help you develop your Statement of Applicability.