Answer : The SoA must involve a list from the security controls from Annex A of ISO/IEC 27001. It should also make clear the steps to implement Each individual control, such as any modifications or exclusions and references regarding policies, procedures, or documents.Some organizations prefer to implement the standard as a way to reap the benefit