Statement of Applicability (SOA)
Manage your Statement of Applicability with the de.iterate SDK.
Overview
The soa resource provides operations for managing your SOA, including control implementation status, justifications, and evidence.
List SOA Controls
typescript
const response = await client.soa.list();
console.log(`Total controls: ${response.data.length}`);
for (const control of response.data) {
console.log(` ${control.controlId}: ${control.status}`);
}Get SOA Control
typescript
const control = await client.soa.get('A.5.1.1');
console.log(control.controlId);
console.log(control.applicable);
console.log(control.implemented);
console.log(control.justification);Update SOA Control
typescript
await client.soa.update('A.5.1.1', {
implemented: true,
status: 'implemented',
justification: 'Policies approved and published',
evidence: ['policy-001.pdf', 'approval-email.pdf'],
owner: 'security-team@company.com',
});UpdateSOAControlInput
| Field | Type | Description |
|---|---|---|
applicable | boolean | Whether control is applicable |
implemented | boolean | Whether control is implemented |
justification | string | Justification/notes |
evidence | string[] | Evidence document references |
owner | string | Control owner |
status | string | Implementation status |
Bulk Update
typescript
await client.soa.bulkUpdate([
{ id: 'A.5.1.1', implemented: true, status: 'implemented' },
{ id: 'A.5.1.2', implemented: true, status: 'implemented' },
{ id: 'A.6.1.1', implemented: false, status: 'in_progress' },
]);Get Frameworks
typescript
const frameworks = await client.soa.getFrameworks();
for (const framework of frameworks) {
console.log(`${framework.name}: ${framework.controlCount} controls`);
}Get Summary
typescript
const summary = await client.soa.getSummary();
console.log('SOA Summary');
console.log('===========');
console.log(`Total Controls: ${summary.totalControls}`);
console.log(`Implemented: ${summary.implemented}`);
console.log(`Not Implemented: ${summary.notImplemented}`);
console.log(`Not Applicable: ${summary.notApplicable}`);
console.log(`In Progress: ${summary.inProgress}`);
console.log(`Implementation: ${summary.implementationPercentage}%`);
console.log('\nBy Framework:');
for (const fw of summary.byFramework) {
console.log(` ${fw.framework}: ${fw.percentage}%`);
}Summary Response
typescript
interface SOASummary {
totalControls: number;
implemented: number;
notImplemented: number;
notApplicable: number;
inProgress: number;
implementationPercentage: number;
byFramework: Array<{
framework: string;
total: number;
implemented: number;
percentage: number;
}>;
byStatus: Record<string, number>;
}Get Version History
typescript
const history = await client.soa.getVersionHistory();
for (const version of history) {
console.log(`v${version.versionNumber} - ${version.dateUpdated}`);
console.log(` By: ${version.updatedBy}`);
console.log(` Notes: ${version.updateComments}`);
}SOAControl Type
typescript
interface SOAControl {
id: string;
type: 'soa_control';
controlId: string;
applicable: boolean;
implemented: boolean;
justification?: string;
evidence?: string[];
owner?: string;
status: 'not_started' | 'in_progress' | 'implemented' | 'not_applicable';
}Examples
Implementation Progress Report
typescript
async function implementationReport() {
const summary = await client.soa.getSummary();
console.log('=== SOA Implementation Report ===\n');
// Progress bar
const percentage = summary.implementationPercentage;
const filled = Math.round(percentage / 5);
const bar = '█'.repeat(filled) + '░'.repeat(20 - filled);
console.log(`Progress: [${bar}] ${percentage}%\n`);
// Status breakdown
console.log('Status Breakdown:');
console.log(` ✅ Implemented: ${summary.implemented}`);
console.log(` 🔄 In Progress: ${summary.inProgress}`);
console.log(` ❌ Not Implemented: ${summary.notImplemented}`);
console.log(` ⬜ Not Applicable: ${summary.notApplicable}`);
}Next Steps
- Controls - Control definitions
- Frameworks - Framework management
- Compliance - Compliance status