ISO 27001
Overview of ISO 27001 requirements
Optional and mandatory clauses

Clauses 4-10 of ISO 27001 are mandatory and non-negotiable. They are the core structure of the ISO 27001 standard and must be implemented by every organization.

Clause 4: Context of the organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement

Annex A controls, by contrast, are optional. Annex A lists 93 controls grouped into four themes; you select the controls that address your organization’s specific risks and needs, then document those decisions in the Statement of Applicability (SoA).

The Sprinto advantage

From automating compliance checklists to monitoring security controls in real time, Sprinto does the heavy lifting to get you compliant. ISO 27001 isn’t a one-time exercise: it requires constant monitoring and improvement to ensure you stay compliant. Sprinto doesn’t just help you pass the audit; it helps you stay continuously compliant and add further compliance frameworks with very little additional lift.