What are the ISO 27001 controls?

The ISO 27001 controls are detailed in Annex A of ISO 27001:2013, which groups 114 controls under 14 control categories (A.5 to A.18). Annex A is referenced when defining and applying the information security risk treatment process: the controls chosen to treat the identified risks are compared against Annex A to check that no necessary control has been overlooked. Several Annex A controls also call for topic-specific policies (for example on access control or supplier relationships) that support the organisation's overall information security policy. The organisation's Statement of Applicability (SoA) must list every Annex A control, state whether it is applicable, give a justification for any exclusion and indicate whether each applicable control has been implemented. Note that the categories below reflect the 2013 edition of the standard.

Annex A Reference Control Objectives and Controls

A.5 Information security policies

A.6 Organisation of information security

A.7 Human resource security

A.8 Asset management

A.9 Access control

A.10 Cryptography

A.11 Physical and environmental security

A.12 Operations security

A.13 Communications security

A.14 System acquisition, development and maintenance

A.15 Supplier relationships

A.16 Information security incident management

A.17 Information security aspects of business continuity management

A.18 Compliance

To learn more about ISO 27001, please view our ISO 27001 courses, including our certified ISO 27001 Lead Auditor training course and ISMS ISO 27001 Internal Auditor training course.