ISO 27001 Annex A Controls List

Home / ISO 27001 Annex A Controls / ISO 27001 Annex A Controls List

The ISO 27001 Annex A Controls List

An ISO 27001 Annex A Controls List Excel or ISO 27001 Annex A Controls List PDF can quickly help you orientate to the standard. Let’s look at some quick and easy ISO 27001 annex a control lists and a totally free ISO 27001 Annex A Controls List Excel that can fast track you. I am Stuart Barker the ISO 27001 Ninja and this is the ISO 27001 Annex A Controls List.

I am also going to give you a totally free ISO 27001 Implementation Guide. A complete guide to implementing ISO 27001. For free. So at the end of this you will have the implementation guide and the checklist and will be able to implement ISO 27001 yourself. I am not even going to ask you for your email address.

ISO 27001:2022

The standard was updated in 2022. This is the 2022 version of the ISO 27001 controls list. It is the latest version with all of the changes and the new controls.

The List of ISO 27001 Annex A Controls

In this section we list the ISO 27001 controls and show you what the new controls are. Each control is hyperlinked to a detailed blog on what the control is, what you have to do, how to implement it and the common mistakes that people make when implementing it. These blogs include step by step guides, videos and ISO 27001 templates.

If you want the download then you will have to scroll down.

ISO 27001 Annex A 5 Organisational controls

ISO 27001 Annex A 5.1 Policies for information security

ISO 27001 Annex A 5.2 Information security roles and responsibilities

ISO 27001 Annex A 5.3 Segregation of duties

ISO 27001 Annex A 5.4 Management responsibilities

ISO 27001 Annex A 5.5 Contact with authorities

ISO 27001 Annex A 5.6 Contact with special interest groups

ISO 27001 Annex A 5.7 Threat intelligence – new

ISO 27001 Annex A 5.8 Information security in project management

ISO 27001 Annex A 5.9 Inventory of information and other associated assets – change

ISO 27001 Annex A 5.10 Acceptable use of information and other associated assets – change

ISO 27001 Annex A 5.11 Return of assets

ISO 27001 Annex A 5.12 Classification of information

ISO 27001 Annex A 5.13 Labelling of information

ISO 27001 Annex A 5.14 Information transfer

ISO 27001 Annex A 5.15 Access control

ISO 27001 Annex A 5.16 Identity management

ISO 27001 Annex A 5.17 Authentication information new

IISO 27001 Annex A 5.18 Access rights – change

ISO 27001 Annex A 5.19 Information security in supplier relationships

ISO 27001 Annex A 5.20 Addressing information security within supplier agreements

ISO 27001 Annex A 5.21 Managing information security in the ICT supply chain – new

ISO 27001 Annex A 5.22 Monitoring, review and change management of supplier services – change

ISO 27001 Annex A 5.23 Information security for use of cloud services  new

ISO 27001 Annex A 5.24 Information security incident management planning and preparation – change

ISO 27001 Annex A 5.25 Assessment and decision on information security events 

ISO 27001 Annex A 5.26 Response to information security incidents

ISO 27001 Annex A 5.27 Learning from information security incidents

ISO 27001 Annex A 5.28 Collection of evidence

ISO 27001 Annex A 5.29 Information security during disruption – change

ISO 27001 Annex A 5.30 ICT readiness for business continuity – new

ISO 27001 Annex A 5.31 Identification of legal, statutory, regulatory and contractual requirements

ISO 27001 Annex A 5.32 Intellectual property rights

ISO 27001 Annex A 5.33 Protection of records

ISO 27001 Annex A 5.34 Privacy and protection of PII

ISO 27001 Annex A 5.35 Independent review of information security

ISO 27001 Annex A 5.36 Compliance with policies and standards for information security

ISO 27001 Annex A 5.37 Documented operating procedures

ISO 27001 Annex A 6 People controls

ISO 27001 Annex A 6.1 Screening

ISO 27001 Annex A 6.2 Terms and conditions of employment

ISO 27001 Annex A 6.3 Information security awareness, education and training

ISO 27001 Annex A 6.4 Disciplinary process

ISO 27001 Annex A 6.5 Responsibilities after termination or change of employment

ISO 27001 Annex A 6.6 Confidentiality or non-disclosure agreements

ISO 27001 Annex A 6.7 Remote working – new

ISO 27001 Annex A 6.8 Information security event reporting 

ISO 27001 Annex A 7 Physical controls

ISO 27001 Annex A 7.1 Physical security perimeter

ISO 27001 Annex A 7.2 Physical entry controls

ISO 27001 Annex A 7.3 Securing offices, rooms and facilities

ISO 27001 Annex A 7.4 Physical security monitoring

ISO 27001 Annex A 7.5 Protecting against physical and environmental threats

ISO 27001 Annex A 7.6 Working in secure areas

ISO 27001 Annex A 7.7 Clear desk and clear screen

ISO 27001 Annex A 7.8 Equipment siting and protection

ISO 27001 Annex A 7.9 Security of assets off-premises

ISO 27001 Annex A 7.10 Storage media – new

ISO 27001 Annex A 7.11 Supporting utilities

ISO 27001 Annex A 7.12 Cabling security

ISO 27001 Annex A 7.13 Equipment maintenance

ISO 27001 Annex A 7.14 Secure disposal or re-use of equipment

ISO 27001 Annex A 8 Technological controls

ISO 27001 Annex A 8.1 User endpoint devices  – new

ISO 27001 Annex A 8.2 Privileged access rights

ISO 27001 Annex A 8.3 Information access restriction

ISO 27001 Annex A 8.4 Access to source code

ISO 27001 Annex A 8.5 Secure authentication

ISO 27001 Annex A 8.6 Capacity management

ISO 27001 Annex A 8.7 Protection against malware

ISO 27001 Annex A 8.8 Management of technical vulnerabilities

ISO 27001 Annex A 8.9 Configuration management

ISO 27001 Annex A 8.10 Information deletion – new

ISO 27001 Annex A 8.11 Data masking  – new

ISO 27001 Annex A 8.12 Data leakage prevention  – new

ISO 27001 Annex A 8.13 Information backup

ISO 27001 Annex A 8.14 Redundancy of information processing facilities

ISO 27001 Annex A 8.15 Logging

ISO 27001 Annex A 8.16 Monitoring activities

ISO 27001 Annex A 8.17 Clock synchronisation

ISO 27001 Annex A 8.18 Use of privileged utility programs

ISO 27001 Annex A 8.19 Installation of software on operational systems

ISO 27001 Annex A 8.20 Network controls

ISO 27001 Annex A 8.21 Security of network services

ISO 27001 Annex A 8.22 Segregation in networks

ISO 27001 Annex A 8.23 Web filtering – new

ISO 27001 Annex A 8.24 Use of cryptography

ISO 27001 Annex A 8.25 Secure development lifecycle

ISO 27001 Annex A 8.26 Application security requirements – new

ISO 27001 Annex A 8.27 Secure system architecture and engineering principles – new

ISO 27001 Annex A 8.29 Security testing in development and acceptance

ISO 27001 Annex A 8.30 Outsourced development

ISO 27001 Annex A 8.31 Separation of development, test and production environments

ISO 27001 Annex A 8.32 Change management

ISO 27001 Annex A 8.33 Test information

ISO 27001 Annex A 8.34 Protection of information systems during audit and testing – new

ISO 27001 Toolkit

DO IT YOURSELF ISO 27001

STOP SPANKING £10,000s on CONSULTANTS and ISMS ONLINE PLATFORMS

ISO 27001 Toolkit Business Edition

FREE ISO 27001 Implementation Guide

Download FREE ISO27001 Implementation Guide

  • The Complete ISO27001 Implementation Guide
  • Free ISO27001 Implementation Guide
Stuart and Fay High Table

FREE ISO 27001 Annex A Controls list excel download

Download FREE ISO 27001 Annex A Controls XLS

  • The Wait is Over
  • We don’t even want your email address
FREE ISO 27001 Annex A Controls list XLS

FREE ISO 27001 Annex A Controls PDF download

Download FREE ISO27001 Checklist PDF

  • The PDF Versions of the totally free ISO 27001 Annex A Controls List
  • We still don’t want your email address
Free ISO 27001 Annex A Controls PDF download
ISO 27001 Toolkit Business Edition

Do It Yourself ISO27001

Stop Spanking £10,000s on consultants and ISMS online-tools.