Got an ISO 27001 SoA to complete?

Get a complete first draft in minutes — filled from your policies, risk register, and prior audit evidence.

93 Annex A controls. Every applicability decision. Every justification.

Stop rewriting your SoA at every audit cycle.

Draft your entire SoA from your existing documentation
Keep applicability decisions consistent year over year
Reuse everything for SOC 2, HITRUST, and security questionnaires

Start from our ISO 27001 templates — or upload your own questionnaire.

Complete your SoANo credit card required

Book a demo

ISO 27001 SoA

Preloaded in RequestFX — no formatting or setup required.

The Statement of Applicability is the cornerstone document of every ISO 27001 ISMS — required at certification and every surveillance audit.

Publisher

ISO/IEC 27001:2022

Format

Excel / Word

Variants

ISO 27001:2022 (current), 2013 (legacy)

Question Count

93 controls

✓ Outputs in your auditor’s preferred format

Loved by Industry Leaders

Our security team finally stopped drowning in repetitive vendor assessments.

RequestFX saves our VP of Engineering nearly a full week of work every month.

With just a few clicks, I get a fully drafted RFP response I can actually trust.

We went from dreading vendor questionnaires to solving them in minutes.

It turned our scattered documentation into a knowledge base the whole team can rely on.

Every answer comes with a citation, so we always know exactly where it came from.

Our security team finally stopped drowning in repetitive vendor assessments.

RequestFX saves our VP of Engineering nearly a full week of work every month.

With just a few clicks, I get a fully drafted RFP response I can actually trust.

We went from dreading vendor questionnaires to solving them in minutes.

It turned our scattered documentation into a knowledge base the whole team can rely on.

Every answer comes with a citation, so we always know exactly where it came from.

We cut our RFP response times from weeks down to just a few hours.

We switched to RequestFX after trying other RFP tools. It's the best on the market.

I can assign questions to the right SME and track every response in one place.

RequestFX is a game-changer for our sales team.

It lets us respond to far more security questionnaires without growing the team.

It saves me 3 to 4 days of work on every questionnaire.

We cut our RFP response times from weeks down to just a few hours.

We switched to RequestFX after trying other RFP tools. It's the best on the market.

I can assign questions to the right SME and track every response in one place.

RequestFX is a game-changer for our sales team.

It lets us respond to far more security questionnaires without growing the team.

It saves me 3 to 4 days of work on every questionnaire.

How It Works

Every control grounded. Every audit defended.

From upload to completed SoA — RequestFX handles the full Annex A response cycle, with every applicability decision cited and traceable to its source.

1. INGEST & DRAFT

Upload docs, draft instantly

Pick the ISO 27001:2022 SoA and add your policies, risk register and prior audit evidence; we'll draft every applicability decision against your knowledge base in minutes.

PROGRESS100%

2. REVIEW & COLLABORATE

Review answers with your team

Review each AI draft side-by-side with the source evidence. Route the tricky 5% to your ISMS owner or auditor and clear the other 95% without leaving the doc.

3. EXPORT & DELIVER

Ship it in your auditor’s format

RequestFX writes every control mapping back into your SoA template. Download and submit. No copy-paste, no reformatting.

Learn more about RequestFX

Thanks to RequestFX, our team can focus on high-value work and not on repetitive work.

Luka Birsa

Cofounder & CTO, Visionect