Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the Statement of Applicability?

The Statement of Applicability (SoA) is a fundamental component of an organization’s Information Security Management System (ISMS) and a critical document in achieving ISO 27001 certification.


An organization’s Statement of Applicability benchmarks against ISO 27001’s full Annex A control set and includes justification for inclusion or exclusion of each control as part of the organization’s ISMS implementation. In addition, the SoA links an organization’s risk assessment with its risk treatment plan.


The Statement of Applicability is one of the first documents an auditor will review as part of the ISO 27001 audit process. The SoA helps the auditor understand the organization and what controls have been implemented and assessed as part of that organization’s audit.

Additional resources you might like:

Compliance
Event
Leverage Security and Compliance to Win Over Prospects

Curious about how security and compliance can help you build trust and win over prospects? On December 13th at 8:30am PST / 4:30pm GMT, join our AMAA

Product updates
Blog
New in Vanta | October 2023

This past month, we announced the single destination to showcase your security posture, Vanta Trust Center, 19 new integrations, Private links for Vendor Risk Management, and more.

Compliance
Event
ISO 27001 & SOC 2 Compliance Automation

Demonstrating security compliance with a framework like ISO 27001 or SOC 2 is not only essential for scaling your business and raising capital, it also builds an important foundation of trust.

Get compliant and
build trust, fast.