Answer : The SoA ought to contain a list on the security controls from Annex A of ISO/IEC 27001. It must also make clear the steps to implement Just about every control, which include any modifications or exclusions and references relating to policies, procedures, or documents. Answer: The objective from https://iso27001leadimplementer36925.atualblog.com/38416248/the-smart-trick-of-iso-27001-y-27002-diferencias-that-no-one-is-discussing