Respond to : The SoA ought to consist of a list from the security controls from Annex A of ISO/IEC 27001. It must also demonstrate the steps to implement Every single control, together with any modifications or exclusions and references concerning policies, procedures, or documents. Once you