
Global Accelerated Learning • Est. 1999

Training Camp • Cybersecurity Glossary

What is a Statement of Applicability (SoA)?

Statement of Applicability (SoA): the mandatory ISO 27001 document listing selected Annex A controls with justification and implementation status.


Understanding the Statement of Applicability (SoA)

The Statement of Applicability (SoA) is a core ISO/IEC 27001 document that lists the Annex A controls an organization has selected, justifies their inclusion or exclusion, and records their implementation status. It links the risks identified in the risk assessment to the chosen controls, giving auditors a traceable map of how the information security management system addresses each requirement. The SoA is mandatory for ISO 27001 certification and must be kept current as risks and controls evolve.
