SoA

Statement of Applicability: overview of which controls apply and why.

Definition

The SoA is commonly used in ISO 27001 to show selected controls, exclusions, rationale and status.

Why it matters

A good SoA makes the management system auditable. It connects risk, controls and accountability.