Remedy : The SoA ought to include things like a list from the security controls from Annex A of ISO/IEC 27001. It must also demonstrate the steps to implement Every control, which include any modifications or exclusions and references concerning policies, procedures, or documents. In reality