Response : The SoA really should involve a list from the security controls from Annex A of ISO/IEC 27001. It should also clarify the steps to implement Every control, which includes any modifications or exclusions and references regarding policies, procedures, or documents. What would be the period of this ISO https://mariojvcax.bloggazzo.com/31331235/the-smart-trick-of-iso-27001-y-27002-diferencias-that-no-one-is-discussing
