

For those involved in information security management systems at any level, Annex A controls in ISO/IEC 27001:2022 are a valuable tool.
The controls help organisations identify information security risks and the most appropriate way to mitigate those risks for their business. Showing that you have considered the controls is vital to the certification process if that is the path you are following. And they bring best practice into the process, which in turn makes continuous improvement easier to achieve.
Yet during our conversations with the many customers who attend our training courses around ISO/IEC 27001, we have discovered that the latest version of Annex A controls in ISO/IEC 27001:2022 is proving challenging for some. Non-technical staff can struggle with the technological aspects, while even technical staff can feel they would benefit from a clearer understanding of how to use these controls in the most effective way.
To help organisations improve their understanding, Bywater has developed a new short course focusing specifically on the latest version of Annex A controls.
This unique course explores Annex A through a games-based approach, making it highly interactive and effective over the course of half a day.
Who can benefit?
The course is designed for those who have already attended ISO/IEC 27001 training courses. These can be lead auditors, internal auditors, and certification body auditors.
It’s also appropriate for ISMS implementers, managers, and freelance consultants who have some knowledge of the basic structure of ISO/IEC 27001 (e.g. who may be attending an audit course in the future).
How does the course work?
Starting with a short ISO/IEC 27001 refresher, the course will move on to cover all Annex A themes, with a special focus on the technological controls. Over the morning there will be games and a case study, looking at the various controls available, including bespoke controls, which are not explicitly discussed in Annex A.
Prior to the training day, delegates are provided with an Annex A guidance document as recommended reading before the course and to keep for reference during the course.
Find out more
Since its launch in Spring 2025, many have already benefited from this specialised course. Discover more about the ISO/IEC 27001:2022 Annex A Controls training course or explore our full range of ISO/IEC 27001 training courses for auditors and those involved in ISMS management.