ISO 27001:2022 Your Statement of Applicability Was Built from Annex A. It Should Have Been Built from Your Risk Register. Here is the Correct Construction Sequence.
Most ISO 27001 SoA documents are built from Annex A controls. This blog explains why the correct approach starts with risk assessment and how to ensure audit-ready traceability.