Glossary of Compliance

ISO 27001 Domains

ISO 27001 is divided into 14 domains. Dividing the standard this way gives a more structured approach to a holistic framework, with each domain handling a significant part of the objectives.

The ISO 27001 domains are:

  • Risk Assessment and Management
  • Security Policy Development
  • Organizational Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • System Acquisition, Development and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Business Continuity Management

These domains ensure the security of personnel, data, controls, and systems, help you develop incident response strategies for potential breach scenarios, and help maintain consistency throughout your operations and your overall enterprise environment.
