The SoA lists all of the controls discovered in ISO 27001, details irrespective of whether Just about every Manage has become used and explains why it absolutely was involved or excluded. The RTP describes the ways being taken to deal with each possibility identified in the chance assessment. This http://collincswzd.blogofchange.com/7972026/new-step-by-step-map-for-iso-27001-checklist