The Statement of Applicability (SoA) is a central, mandatory component of the ISO 27001 standard for Information Security Management Systems (ISMS). It defines which controls your organization implements—and why they matter.
This whitepaper includes:
Since 2002, NorthGRC has empowered organizations to navigate complex regulatory requirements and operational risk. We provide expert guidance and a comprehensive GRC platform to support compliance with ISO 27001/2, NIS2, GDPR, DORA, and a wide range of other standards.
© 2025 NorthGRC