ISO 27001: 14 control sets - Annex A - Checks & Controls


Friday, May 1, 2020

ISO 27001: 14 control sets - Annex A


There are a total of 114 ISO 27001 Annex A controls, divided into 14 categories.
The categories and the number of controls in each section are listed below.

Controls | Counts
A.5 Information security policies | 2
A.6 Organisation of information security | 7
A.7 Human resource security | 6
A.8 Asset management | 10
A.9 Access control | 14
A.10 Cryptography | 2
A.11 Physical and environmental security | 15
A.12 Operations security | 14
A.13 Communications security | 7
A.14 System acquisition, development and maintenance | 13
A.15 Supplier relationships | 5
A.16 Information security incident management | 7
A.17 Information security aspects of business continuity management | 4
A.18 Compliance | 8


Why the controls of the ISO 27001 standard start from A.5


The question looks a little complicated, and people might ask whether there are any controls starting from A.1. The reason is explained below.
In ISO 27002:2005 the auditable clauses used to start from clause 5, which is why the controls start from A.5; the "A" is nothing but the annexure. In the annexure, you should know about 3 main things: the domain, the domain objective and the control. E.g., in A.5.1.1, A is the annexure, 5 is the domain, 1 is the domain objective and 1 is the control.







