Answer : The SoA really should contain a list of your security controls from Annex A of ISO/IEC 27001. It must also describe the steps to implement Each individual control, which include any modifications or exclusions and references regarding policies, procedures, or documents.Understanding the meaning of ISO 27001 just isn't almost understanding