Respond to : The SoA ought to include things like a list from the security controls from Annex A of ISO/IEC 27001. It must also demonstrate the steps to implement Every control, which include any modifications or exclusions and references about policies, procedures, or documents.The final action will be the official CompTIA Cyber Security Analyst+