Answer : The SoA must incorporate a list with the security controls from Annex A of ISO/IEC 27001. It also needs to describe the steps to implement Every single control, which include any modifications or exclusions and references relating to policies, procedures, or documents. Make sure assets including money statements, https://iso2700126825.blogoxo.com/32273036/the-smart-trick-of-iso-27001-y-27002-diferencias-that-no-one-is-discussing