Remedy : The SoA should consist of a list in the security controls from Annex A of ISO/IEC 27001. It should also describe the steps to implement Each and every control, like any modifications or exclusions and references regarding policies, procedures, or documents. Outlining your ISMS objectives such as the https://iso27001certificationcost69358.blogdomago.com/31341608/not-known-factual-statements-about-iso-27001-types-of-audit
