Statement of Applicability Template

ISO 27001 Statement of Applicability (SoA) Template – Annex A Controls - Organisational | People | Physical | Technological | Additional Controls

The ISO 27001 Statement of Applicability (SoA) Template is a structured form designed to help organisations create, document, and maintain their Integrated Management System (IMS) Statement of Applicability in line with ISO/IEC 27001 requirements.

This template includes all Annex A information security controls from ISO 27001:2022, allowing organisations to clearly document which controls are applicable, how they are implemented, and where they are managed across the business. It provides a central, auditable record of information security controls covering people, processes, and technology.

Fully editable and easy to use, the register supports risk treatment decisions, audit preparation, and certification activities.

Key Features & Benefits

• Covers all Annex A controls from ISO 27001:2022
• Designed for the Statement of Applicability (SoA) 
• Supports Integrated Management Systems (IMS)
• Helps demonstrate ISO 27001 compliance and control justification
• Provides a clear, auditable record for internal and external audits
• Fully editable to suit organisational structure and scope

• Clause Reference
• Section Number
• Annex A Control Reference
• Control Description
• Applicability Status
• Implementation Details
• Additional Comments

Note - For the ISO 27001:2013 version of the standard - the Annex A controls document is also available. 

This structure enables organisations to clearly justify inclusion or exclusion of controls and demonstrate how applicable controls are implemented and maintained.

Ideal For:

• ISO 27001 implementation and certification
• Information Security Management Systems (ISMS)
• Risk treatment and control selection
• Internal audits and certification audits
• Integrated Management Systems (IMS)