The SoA lists all of the controls recognized in ISO 27001, facts irrespective of whether Each and every Manage continues to be used and points out why it was bundled or excluded. The RTP describes the actions to get taken to handle Every hazard recognized in the danger evaluation. http://jaidenyvlaq.win-blog.com/8732894/fascination-about-iso-27001-checklist