ISO 27001 Annex A Controls

Tips and tutorials on how to implement the ISO 27001:2022 Annex A controls – control by control.

ISO 27001 Annex A 8.33 Test Information

ISO 27001:2022 Annex A 8.33 Test Information: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.33 Test Information is a security control that mandates the protection of data used in testing environments. To ensure compliance, organizations must prioritize the use of synthetic or anonymized data rather than live PII. This approach mitigates risk, ensuring confidentiality and regulatory adherence while maintaining effective software development lifecycles. ISO 27001 […]

ISO 27001 Annex A 8.32 Change Management

ISO 27001:2022 Annex A 8.32 Change Management: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.32 Change Management is a security control that mandates formal procedures for modifying information processing facilities and systems. It ensures that changes are controlled, risk-assessed, and authorized to prevent service disruptions. This requirement guarantees a documented audit trail and preserves the confidentiality, integrity, and availability of data during updates. In this

ISO 27001 Annex A 8.31 Separation of Development, Test and Production Environments

ISO 27001:2022 Annex A 8.31 Separation of development, test and production environments

ISO 27001 Annex A 8.31 Separation of Development, Test and Production Environments is a security control that mandates the logical isolation of operational stages to prevent unauthorized changes. The Primary Implementation Requirement is restricting developer write-access to live systems, ensuring the Business Benefit of system stability, data integrity, and reduced risk of operational failure. In

ISO 27001 Annex A 8.30 Outsourced Development

ISO 27001:2022 Annex A 8.30 Outsourced development: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.30 Outsourced Development is a security control that mandates strict supervision of third-party vendors to ensure they meet organizational security standards. The Primary Implementation Requirement is enforcing contractual security clauses and conducting independent verification, providing the Business Benefit of mitigating supply chain risks and preventing “backdoor” vulnerabilities. In this guide, I

ISO 27001 Annex A 8.29 Security Testing in Development and Acceptance

ISO 27001:2022 Annex A 8.29 Security testing in development and acceptance: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.29 is a security control that mandates the definition and implementation of security testing processes within the development lifecycle. By enforcing validation milestones during development and acceptance testing, organizations prevent vulnerabilities from reaching production, ensuring compliance and maximizing system integrity before go-live. In this guide, I will show you exactly how

ISO 27001 Annex A 8.28 Secure Coding

ISO 27001:2022 Annex A 8.28 Secure Coding: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.28 is a security control that mandates the application of Secure Coding Principles throughout the software development lifecycle. By enforcing secure architecture, input validation, and secure memory management, organizations prevent vulnerabilities, ensuring system resilience and minimizing the risk of exploitation in production environments. In this guide, I will show you exactly

ISO 27001 Annex A 8.27 Secure Systems Architecture and Engineering Principles

ISO 27001:2022 Annex A 8.27 Secure systems architecture and engineering principles: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.27 Secure Systems Architecture and Engineering Principles is a security control that mandates organisations apply security by design standards throughout the entire system lifecycle. By documenting and enforcing engineering rules like Zero Trust and Defense in Depth, businesses ensure systems are intrinsically resilient against threats, preventing costly vulnerabilities before code is

ISO 27001 Annex A 8.26 Application Security Requirements

ISO 27001:2022 Annex A 8.26 Application security requirements: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.26 Application Security Requirements is a security control that mandates organizations identify, specify, and approve information security requirements before developing or acquiring software. By enforcing security early in the lifecycle, businesses ensure secure software development and prevent costly vulnerabilities, ensuring robust data protection and compliance. In this guide, I will show

ISO 27001 Annex A 8.25 Secure Development Life Cycle

ISO 27001:2022 Annex A 8.25 Secure development life cycle: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.25 is a security control that mandates the establishment of rules for the secure development of software and systems. It requires organizations to integrate security checkpoints into every phase of the engineering process, moving from reactive patching to a preventive Secure Software Development Life Cycle (SSDLC), ensuring that vulnerabilities are identified

ISO 27001 Annex A 8.24 Use of Cryptography

ISO 27001:2022 Annex A 8.24 Use of Cryptography: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.24 is a security control that mandates the establishment of rules for the effective use of cryptography and key management. It requires organizations to define policies for encryption to protect the confidentiality, integrity, and authenticity of information, ensuring data is secured at rest and in transit against unauthorized access. In this

ISO 27001 Annex A 8.23 Web Filtering

ISO 27001:2022 Annex A 8.23 Web Filtering: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.23 is a security control that requires organizations to manage access to external websites to reduce exposure to malicious content. By implementing technical restrictions on high-risk categories like gambling or malware hosting, this control ensures malware prevention and protects systems from drive-by downloads and unauthorized data exfiltration. In this guide, I

ISO 27001 Annex A 8.22 Segregation of Networks

ISO 27001:2022 Annex A 8.22 Segregation of Networks: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.22 is a security control that mandates the segregation of networks to restrict data flow between different trust zones. It requires organizations to implement logical or physical network boundaries, ensuring that a compromise in one segment (e.g., Guest Wi-Fi) cannot laterally spread to critical systems, thereby limiting the blast radius of

ISO 27001 Annex A 8.21 Security of Network Services

ISO 27001:2022 Annex A 8.21 Security of Network Services: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.21 is a security control that requires organizations to manage the security of services provided by networks, both internal and external. It mandates the identification and monitoring of service levels and security requirements (e.g., encryption, availability) within agreements to ensure that network services, such as ISPs or cloud connectivity, meet business

ISO 27001 Annex A 8.20 Network Security

ISO 27001:2022 Annex A 8.20 Networks Security: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.20 is a security control that mandates the implementation of network security measures to protect information systems. It requires organizations to secure, manage, and control networks and devices by establishing network boundaries, managing traffic, and ensuring only authorized access, thereby safeguarding data confidentiality and integrity against unauthorized access or interception. In

ISO 27001 Annex A 8.19 Installation of Software on Operational Systems

ISO 27001:2022 Annex A 8.19 Installation of Software on Operational Systems: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.19 is a security control that requires organizations to strictly govern the installation of software on operational systems to prevent malware and maintain stability. By implementing an Approved Software List (ASL) and removing local admin rights, this control ensures only authorized, licensed software runs in your environment, mitigating risks from shadow

ISO 27001 Annex A 8.18 Use of Privileged Utility Programs

ISO 27001:2022 Annex A 8.18 Use of Privileged Utility Programs: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.18 is a security control that mandates stringent restrictions on privileged utility programs—software capable of overriding system security controls. By limiting access to these powerful tools (like disk editors or packet sniffers) to authorized personnel only, organizations can prevent unauthorized changes, data leakage, and system instability, thereby protecting the integrity of

ISO 27001 Annex A 8.17 Clock Synchronisation

ISO 27001:2022 Annex A 8.17 Clock Synchronisation: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.17 is a security control that mandates the synchronization of all information processing system clocks to a single, consistent time source. This ensures accurate timestamps for logs, which are vital for incident investigation, forensic analysis, and proving the sequence of events during legal or regulatory reviews. In this guide, I will

ISO 27001 Annex A 8.16 Monitoring Activities

ISO 27001:2022 Annex A 8.16 Monitoring Activities: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.16 is a detective security control that mandates the active monitoring of networks, systems, and applications to detect anomalous behavior. Unlike passive logging, this control requires organizations to establish baselines, set up real-time alerts, and analyze security events to identify potential incidents, ensuring rapid response to unauthorized activities like brute force

ISO 27001 Annex A 8.15 Logging

ISO 27001:2022 Annex A 8.15 Logging: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.15 is a security control that mandates the production, protection, and regular analysis of audit logs to record system activities, exceptions, and security events. By creating a tamper-evident digital forensic trail, organizations can detect unauthorized access, investigate incidents, and ensure accountability for privileged user actions. In this guide, I will show

ISO 27001 Annex A 8.14 Redundancy of Information Processing Facilities

ISO 27001:2022 Annex A 8.14 Redundancy of Information Processing Facilities: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.14 is a security control that mandates the implementation of redundancy in information processing facilities to ensure sufficient availability. It requires organizations to identify critical systems and deploy failover mechanisms (such as duplicate servers, network links, or power supplies) to guarantee continuous operation during disruptions and meet defined recovery time objectives.

ISO 27001 Annex A 8.13 Information Backup

ISO 27001:2022 Annex A 8.13 Information Backup: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.13 is a security control that mandates the regular backup of information, software, and systems to ensure data can be recovered following a disruption. It requires organizations to define and test a backup policy that aligns with business recovery objectives (RPO/RTO), protecting critical assets against data loss from technical failures, human

ISO 27001 Annex A 8.12 Data Leakage Prevention

ISO 27001:2022 Annex A 8.12 Data Leakage Prevention: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.12 is a security control designed to prevent the unauthorized extraction or disclosure of sensitive information. It requires organizations to implement data leakage prevention (DLP) measures across systems, networks, and devices to detect and block active leaks—whether accidental or malicious—thereby protecting data at rest, in transit, and in use. In this

ISO 27001 Annex A 8.11 Data Masking

ISO 27001:2022 Annex A 8.11 Data Masking: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.11 is a security control that mandates the use of data masking to obscure sensitive information such as PII or financial data. By implementing techniques like pseudonymization, anonymization, and redaction, this control ensures that sensitive data is only visible to authorized users, thereby minimizing the risk of data leaks and complying

ISO 27001 Annex A 8.10 Information Deletion

ISO 27001:2022 Annex A 8.10 Information Deletion: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.10 is a preventative security control that mandates the secure deletion of information when it is no longer required. It requires organizations to implement methods such as secure erasure, crypto-shredding, or physical destruction to render data unrecoverable, ensuring compliance with data protection laws like GDPR and reducing the risk of unauthorized

ISO 27001 Annex A 8.9 Configuration Management

ISO 27001:2022 Annex A 8.9 Configuration Management: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.9 is a security control that requires organizations to define and maintain secure configuration baselines for all hardware, software, services, and networks. By enforcing documented standards and monitoring for unauthorized changes (configuration drift), this control ensures systems are “hardened” by default, preventing vulnerabilities caused by default settings or unpatched services. In

ISO 27001 Annex A 8.8 Management of Technical Vulnerabilities

ISO 27001:2022 Annex A 8.8 Management of Technical Vulnerabilities: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.8 is a security control that mandates the effective management of technical vulnerabilities within an organization’s infrastructure. Its primary requirement is the systematic identification, prioritization, and timely remediation of security flaws through patching or compensating controls. By strictly adhering to this framework, organizations achieve the business benefit of drastically reducing the

ISO 27001 Annex A 8.7 Protection Against Malware

ISO 27001:2022 Annex A 8.7 Protection Against Malware: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.7 Protection Against Malware is a security control that mandates a multi-layered defence strategy to prevent, detect, and recover from malicious software. It requires the implementation of Endpoint Detection and Response (EDR), automated updates, and user awareness training to ensure business continuity and data integrity across the organization. In this guide,

ISO 27001 Annex A 8.6 Capacity Management

ISO 27001:2022 Annex A 8.6 Capacity Management: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.6 Capacity Management is a security control that ensures organizations monitor and adjust resource usage to prevent system failures. It requires the monitoring of information processing facilities to maintain availability. The primary benefit is transforming reactive “fire-fighting” into proactive planning for future capacity requirements, ensuring business continuity. In this guide, I

ISO 27001 Annex A 8.5 Secure Authentication

ISO 27001:2022 Annex A 8.5 Secure Authentication: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.5 is a security control that mandates organizations implement secure authentication procedures to verify the identity of a user or entity before granting access. By adopting a risk-based approach and enforcing Multi-Factor Authentication (MFA), businesses effectively prevent unauthorized entry, ensuring data integrity and compliance with modern security standards. In this guide,

ISO 27001 Annex A 8.4 Access To Source Code

ISO 27001:2022 Annex A 8.4 Access to Source Code: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.4 Access to Source Code is a security control that mandates organizations to strictly manage access to development environments. Its Primary Implementation Requirement involves enforcing read and write restrictions, version control, and authorization procedures to ensure a Business Benefit of protecting intellectual property and preventing unauthorized code changes or malicious backdoors.

ISO 27001 Annex A 8.3 Information Access Restriction

ISO 27001:2022 Annex A 8.3 Information Access Restriction: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.3 Information Access Restriction is a security control that limits access to assets based on established policies. It enforces the Primary Implementation Requirement of technical restrictions to ensure users only access data necessary for their roles. This approach secures the Business Benefit of confidentiality and prevents unauthorised exposure. In this guide,

ISO 27001 Annex A 8.2 Privileged Access Rights

ISO 27001:2022 Annex A 8.2 Privileged Access Rights: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.2 Privileged Access Rights is a security control that mandates the strict restriction and management of administrative accounts to prevent unauthorized system changes. Organizations must implement a formal authorization process, ensure accountability for privileged actions, and strictly enforce the Principle of Least Privilege to mitigate insider threats and data breaches. In

ISO 27001 Annex A 8.1 User Endpoint Devices

ISO 27001:2022 Annex A 8.1 User Endpoint Devices: The Lead Auditor’s Guide.

ISO 27001 Annex A 8.1 is a security control that mandates the protection of information stored on, processed by, or accessible via laptops, smartphones, and tablets. Its Primary Implementation Requirement involves deploying technical measures like full-disk encryption and malware protection. This secures the perimeter, delivering the Business Benefit of preventing data breaches across unmanaged remote

ISO 27001 Annex A 7.14 Secure Disposal or Re-Use of Equipment

ISO 27001:2022 Annex A 7.14 Secure Disposal or Re-use of Equipment: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.14 Secure Disposal or Re-use of Equipment is a security control that mandates the verification of storage media to ensure sensitive data and licensed software are securely overwritten or destroyed before hardware retirement. This process guarantees prevention of data leakage and maintains compliance with licensing agreements during the asset lifecycle termination

ISO 27001 Annex A 7.13 Equipment Maintenance

ISO 27001:2022 Annex A 7.13 Equipment Maintenance: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.13 Equipment Maintenance is a security control that mandates organisations maintain hardware according to manufacturer specifications to prevent unauthorized access and data loss. Implementing this control ensures the availability and integrity of information assets by securing equipment during on-site servicing and off-site repairs. In this guide, I will show you exactly

ISO 27001 Annex A 7.12 Cabling Security

ISO 27001:2022 Annex A 7.12 Cabling Security: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.12 Cabling Security is a security control that mandates the physical protection of power and telecommunications lines to prevent unauthorized interception, interference, or damage. Ideally, organizations must ensure physical segregation of power and data cables to prevent corruption. This implementation safeguards the confidentiality and availability of information traversing the physical network

ISO 27001 Annex A 7.11 Supporting Utilities

ISO 27001:2022 Annex A 7.11 Supporting Utilities: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.11 Supporting Utilities is a security control that mandates the protection of information processing facilities from power failures and environmental disruptions. To comply, organizations must implement redundant power supplies (UPS) and diverse utility routing, ensuring continuous availability of critical systems and preventing data corruption during outages. In this guide, I will

ISO 27001 Annex A 7.10 Storage media

ISO 27001:2022 Annex A 7.10 Storage Media: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.10 Storage Media is a security control that mandates the lifecycle management of physical and removable drives to prevent data leakage. It requires organizations to implement mandatory encryption and secure disposal procedures, ensuring sensitive data on USBs and hard drives remains protected against theft, delivering the Business Benefit of verifiable data

ISO 27001 Annex A 7.9 Security of assets off-premises

ISO 27001:2022 Annex A 7.9 Security of Assets Off-Premises: The Lead Auditor’s Guide.

ISO 27001 Annex A 7.9 Security of Assets Off-Premises is a security control that mandates the protection of hardware and information outside the organization’s physical perimeter. It requires risk-based safeguards, such as full-disk encryption and physical supervision, to prevent theft, loss, or unauthorized access, ensuring business continuity during remote work operations. In this guide, I

ISO 27001 Annex A 5.36 Compliance with policies and standards for information security

ISO 27001:2022 Annex A 5.36 Compliance with policies, rules and standards for information security

In this guide, I will show you exactly how to implement ISO 27001 Annex A 5.36 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy. I am Stuart Barker, an ISO 27001 Lead

ISO 27001:2022 Annex A 5.24 Information security incident management planning and preparation

ISO 27001:2022 Annex A 5.24 Information security incident management planning and preparation

In this guide, I will show you exactly how to implement ISO 27001 Annex A 5.24 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy. I am Stuart Barker, an ISO 27001 Lead

ISO 27001 Annex A 5.22 Monitoring, review and change management of supplier services

ISO 27001:2022 Annex A 5.22 Monitoring, review and change management of supplier services

In this guide, I will show you exactly how to implement ISO 27001 Annex A 5.22 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy. I am Stuart Barker, an ISO 27001 Lead

ISO 27001 Annex A 5.20 Addressing information security within supplier agreements

ISO 27001:2022 Annex A 5.20 Addressing information security within supplier agreements

In this guide, I will show you exactly how to implement ISO 27001 Annex A 5.20 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy. I am Stuart Barker, an ISO 27001 Lead
