Answer : The SoA must involve a list of the security controls from Annex A of ISO/IEC 27001. It should also describe the steps to implement Just about every control, together with any modifications or exclusions and references concerning policies, procedures, or documents. The ultimate step may be the official https://iso-27001-pdf59269.blogsvirals.com/31422576/getting-my-iso-27001-soa-to-work