{"id":3992,"date":"2025-03-25T08:44:05","date_gmt":"2025-03-25T07:44:05","guid":{"rendered":"https:\/\/next.4conform.com\/wiki\/statement-of-applicability-soa\/"},"modified":"2025-05-22T14:11:50","modified_gmt":"2025-05-22T12:11:50","slug":"statement-of-applicability-soa","status":"publish","type":"wictionary","link":"https:\/\/4conform.com\/en\/wiki\/statement-of-applicability-soa\/","title":{"rendered":"Statement of Applicability (SoA)"},"content":{"rendered":"<p>The Statement of Applicability (SoA) is a central document within the framework of the Information Security Management System (ISMS) according to the ISO\/IEC 27001 standard. It is used to define and document the applicability of the security measures described in Annex A of the standard for a specific organization. <\/p>\n<h5>Purpose of the SoA:<\/h5>\n<ul>\n<li><strong>Customization:<\/strong> The SoA helps organizations to adapt the general security requirements of ISO 27001 to their specific needs and circumstances. It determines which of the 114 controls listed in Annex A of the standard are relevant and which are not. <\/li>\n<li><span style=\"letter-spacing: 0.03em;\"><strong>Risk-based approach: <\/strong>The selection of controls is based on a risk assessment. Organizations must identify the risks that are relevant to their specific environment and implement appropriate controls to address these risks. <\/span><\/li>\n<li><strong>Documentation and evidence: <\/strong>The SoA serves as evidence that the organization meets the requirements of ISO 27001. It is regularly reviewed and updated to ensure that it remains relevant and effective. <\/li>\n<\/ul>\n<h5>Content of the SoA:<\/h5>\n<ul>\n<li><strong>List of relevant controls:<\/strong> A listing of all controls from Annex A of ISO 27001 that are applicable to the organization.<\/li>\n<li><span style=\"letter-spacing: 0.03em;\"><strong>Justification for the selection:<\/strong> An explanation of why certain controls were classified as relevant or not relevant based on the risk assessment.<\/span><\/li>\n<li><span style=\"letter-spacing: 0.03em;\"><strong>Implementation status:<\/strong> Information on whether the selected controls have already been implemented, are planned or are not applicable.<\/span><\/li>\n<\/ul>\n<p>The SoA is a living document that should be regularly reviewed and updated to ensure that it continues to meet the organization&#8217;s current risks and requirements. It is an integral part of the ISMS and plays a crucial role in certifying and maintaining ISO 27001 compliance. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Statement of Applicability (SoA) is a central document within the framework of the Information Security Management System (ISMS) according to the ISO\/IEC 27001 standard. It is used to define and document the applicability of the security measures described in Annex A of the standard for a specific organization. Purpose of the SoA: Customization: The&#8230;<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"_acf_changed":false},"class_list":["post-3992","wictionary","type-wictionary","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/4conform.com\/en\/wp-json\/wp\/v2\/wictionary\/3992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/4conform.com\/en\/wp-json\/wp\/v2\/wictionary"}],"about":[{"href":"https:\/\/4conform.com\/en\/wp-json\/wp\/v2\/types\/wictionary"}],"wp:attachment":[{"href":"https:\/\/4conform.com\/en\/wp-json\/wp\/v2\/media?parent=3992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}