Print this chapterPrint this chapter

Risk Management

Instruction

Statement of Applicability (SOA)

The statement of applicability is a document that identifies the controls chosen for an organization's environment. The SOA is derived from the risk assessment and explains how and why these controls are appropriate.

Read The importance of Statement of Applicability for ISO 27001 which discusses why an SOA is needed and why it is useful.