ISO 27001: Controls Q4-2024

Controls are controls…

Controls are safeguards or countermeasures that avoid, detect, counteract, or minimize security risks. In ISO they may be referred to as clauses.

ISO 27001 Management Controls

  1. Scope
  2. Normative reference
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

Old ISO 27001 Annex & ISO 27002 Operational Controls

A5. Management Direction for Information Security
A6. Organization of Information Security
A7. Human Resource Security
A8. Asset Management
A9. Access Control
A10. Cryptography
A11. Physical and Environmental Security
A12. Operation Security
A13. Communication Security
A14. Systems Acquisition, Development and Maintenance
A15. Supplier Relationships
A16. Information Security Incident Management
A17. Information Security Aspects of Business Continuity
A18. Compliance

ISO 27001 Management Controls

  1. Scope
  2. Normative reference
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

New ISO 27001 Annex & ISO 27002 Operational Controls

A5. Organizational Controls
A6. People Controls
A7. Physical Controls
A8. Technological Controls
