Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

What is the Statement of Applicability?

The Statement of Applicability (SoA) is a fundamental component of an organization’s Information Security Management System (ISMS) and a critical document in achieving ISO 27001 certification.

An organization’s Statement of Applicability benchmarks against ISO 27001’s full Annex A control set and includes justification for inclusion or exclusion of each control as part of the organization’s ISMS implementation. In addition, the SoA links an organization’s risk assessment with its risk treatment plan.

The Statement of Applicability is one of the first documents an auditor will review as part of the ISO 27001 audit process. The SoA helps the auditor understand the organization and what controls have been implemented and assessed as part of that organization’s audit.
