Reply : The SoA must include things like a list on the security controls from Annex A of ISO/IEC 27001. It should also reveal the steps to implement Each and every control, including any modifications or exclusions and references regarding policies, procedures, or documents.Currently Subscribed to this document. Your Inform Profile lists the docum