we are currently preparing for our control audit.
However, due to personnel changes I am contemplating to change certain aspects of the SOA to reduce unnecessary overhead.
What effect will the removal of controls e.g. A.14 have for the audit and our certification scope?
Can Changes to the SOA only be made prior to certification audits?