The SoA lists each of the controls recognized in ISO 27001, details regardless of whether Just about every Handle is used and clarifies why it had been bundled or excluded. The RTP describes the actions to be taken to manage Just about every possibility recognized in the danger assessment. https://jeffreyrngbj.jaiblogs.com/29751049/a-review-of-iso-27001-checklist