Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icontwitter iconinstagram icon

What is the Statement of Applicability?

The Statement of Applicability (SoA) is a fundamental component of an organization’s Information Security Management System (ISMS) and a critical document in achieving ISO 27001 certification.

An organization’s Statement of Applicability benchmarks against ISO 27001’s full Annex A control set and includes justification for inclusion or exclusion of each control as part of the organization’s ISMS implementation. In addition, the SoA links an organization’s risk assessment with its risk treatment plan.

The Statement of Applicability is one of the first documents an auditor will review as part of the ISO 27001 audit process. The SoA helps the auditor understand the organization and what controls have been implemented and assessed as part of that organization’s audit.

{{cta_withimage2="/cta-modules"}}

Related Terms

Additional resources you might like:

Product updates
Events
Goodbye, Audit Chaos. Hello, Calm-pliance.

Register for this edition of Vanta Delivers to see how we’re putting audit chaos behind us and moving forward into Calm-pliance.

Company news
Blog
New in Vanta | February 2026

Vanta’s latest releases give teams more control over audits, automated TPRM evidence collection, and more.

Comparisons and reviews
Blog
The best TPRM software for 2026

Discover the best third-party risk management software solutions for 2026.

Additional resources you might like:

Product updates
Events
Goodbye, Audit Chaos. Hello, Calm-pliance.

Register for this edition of Vanta Delivers to see how we’re putting audit chaos behind us and moving forward into Calm-pliance.

Company news
Blog
New in Vanta | February 2026

Vanta’s latest releases give teams more control over audits, automated TPRM evidence collection, and more.

Comparisons and reviews
Blog
The best TPRM software for 2026

Discover the best third-party risk management software solutions for 2026.

Compliance
Events
Getting Ready for APRA CPS 230/234 Compliance

Join our Q&A-led session that will highlight the most common CPS 234 readiness questions, and explore how CPS 230 builds on these foundations.

Comparisons and reviews
Blog
The best SOC 2 compliance software for 2026

Here are the best SOC 2 compliance software platforms, including Vanta and others.

Comparisons and reviews
Blog
The best ISO 27001 compliance software for 2026

Discover the best ISO 27001 compliance software options for 2026, including Vanta.

Compliance
Blog
What is vendor compliance, and why does it matter?

Learn about vendor compliance and its key regulations and requirements across industries.

Compliance
Blog
CRI Cyber Profile: A complete guide for financial institutions

Get in-depth insights into the CRI Cyber Profile and what it means for financial institutions.

Compliance
Blog
How to choose the right AI standard: A 7-point guide

Discover the seven essential questions that help you choose an AI standard for your organization.

Get compliant and build trust—fast

Request a demo
G2 Badge Winter 2026 LeaderG2 Badge Winter 2026 Enterprise LeaderG2 Badge Milestone 'Users Love Us'