The Statement of Applicability (SOA)

Overview of ISO 27001 requirements

Creation of ISMS What falls within scope? The Statement of Applicability Optional and mandatory clauses Annex A Required documentation Maintaining an ISMS

The Statement of Applicability (SoA) is a mandatory document while preparing for ISO 27001. It contains the specific Annex A controls your organization has selected or excluded, along with justifications. It serves as a bridge between your risk assessment and the controls implemented to address those risks.

Organizations are required to provide a comprehensive list of all 93 Annex A controls, indicating whether each control is applicable or not. They must also include justifications for the inclusion or exclusion of each control, along with the current implementation status.

As a mandatory audit document, a well-prepared SoA reflects the maturity, clarity, and effectiveness of your Information Security Management System (ISMS).

ISO 27001 Statement of Applicability (All you need to know)

Learn more

Optional and mandatory clauses

The Sprinto advantage

From automating compliance checklists to monitoring security controls in real-time and more, Sprinto does the heavy lifting for you to get you compliant. ISO 27001 isn’t a one-time exercise. It requires constant monitoring and improvement to ensure you stay compliant. Sprinto doesn’t just help you pass the audit it helps you stay continuously compliant and add more compliances to your kitty with very little additional lift.

Contact sales