The Statement of Applicability (SoA) is a mandatory document in ISO 27001 that lists all Annex A controls, states whether each is applicable or not applicable to the organisation's ISMS scope, provides justification for exclusions, and references the implementation status of each applicable control. The SoA is a key audit artefact — auditors use it to verify that control selection is risk-based and that excluded controls have documented rationale. In Acuna, the SoA is managed directly in the Comply pane with applicability markings and justification fields per control.