Adding, changing, or excluding a control from SoA is a natural and necessary thing to maintain the ISMS.
To do that, considering the requirements of the standard, you need to review your risk assessment and risk treatment, and your list of applicable legal requirements, to verify if there is any change in your context that can justify a change in SoA. Additionally, you need to check if there is any management decision to implement a control (in such cases there will be no changes in risk management nor in legal requirements).
Once a need for change is identified, you need to define an implementation plan to perform the change.
These articles will provide you a further explanation about SoA: