ISO 27001:2022 Your Statement of Applicability Listed Controls. Your Risk Register Should Have Selected Them. For Most Certified Systems, That Process Ran in Reverse.
Most ISO 27001 implementations build the Statement of Applicability as a checklist. This blog explains why Clause 6 requires risk-driven control selection and bidirectional traceability.