The structure of the Statement of Applicability includes the following elements:

1. A list of all controls from ISO 27001 Annex A.
2. Identification of which controls are applicable and which are not.
3. Justification for why each control is applicable or not applicable.
4. Implementation methods for applicable controls.
5. The status of each control.