Statement of Applicability (SOA) Template

What is the Statement of Applicability (SOA) Template?

A Statement of Applicability (SOA) Template is a key component of any ISO standard, as it provides an overview of the organization’s approach to managing specific risks and demonstrates how the organization meets the requirements of the standard. It is a document used in Information Security Management Systems (ISMS) to outline the applicability of security controls defined in a particular standard or framework, such as ISO/IEC 27001. The SOA serves as a roadmap for organizations to identify which security controls are relevant to their specific context, risks, and objectives.

The SOA template identifies the controls that the organization has selected and implemented to manage its information security risks.

How do I use it?

For TrustCloud customers:

  • The SOA can be automatically populated. Once the SOA is populated, check column L for any exclusions.

For non-TrustCloud customers, the following columns need to be filled out:

  • Column F: In this column, mark whether each Annex A IS control is applicable to your organization.
  • Column G: In this column, document all necessary controls implemented to address the Annex A IS controls.
  • Justification Columns [H to K]: Mark an X where necessary for each Annex A IS control. Use the legend for control inclusion as guidance.
  • Column L: In this column, for any Annex A IS control excluded, explain why.

Value to the organization:

Use this template to record the SOA process and provide an audit trail that satisfies the SOA control during the audit.

What control does it satisfy?

Completing this template helps satisfy the following controls:

BIZOPS-31 (Statement of Applicability): An organization maintains a Statement of Applicability document, which summarizes the organization’s position on each ISO 27001 Annex A control.

The following screenshot shows the Statement of Applicability (SOA) Template.

[Screenshot: Statement of Applicability]

Please download the template from here:
