1. Is it a requirement for policy & procedure for the SOA to be approved?
It is not a requirement, but a best practice to avoid rework, to approve policies and procedures only after the SoA has been approved, because any changes in the applicability status of controls in the SoA can impact the development, or review of policies and procedures.
2 - Another question is it requirement to have 3 month ISMS evidence/records before ISMS external audit?
It is not mandatory by the standard to have 3 month ISMS evidence/records before ISMS external audit, however, some certification bodies, as part of their own processes, require the management system to be 3 months in operation before going for the certification (you should verify this situation with your own certification body).