
ISO 27001 Domains

ISO 27001 is divided into 14 domains. Splitting the standard into domains gives a structured approach to building a holistic security framework: each domain covers a distinct part of the standard's control objectives, so an organization can assess and implement them one area at a time.

The ISO 27001 domains are:

  • Risk Assessment and Management
  • Security Policy Development
  • Organizational Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • System Acquisition, Development and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Business Continuity Management

Together, these domains cover the security of personnel, data, controls, and systems; they require incident response plans for potential breach scenarios; and they help maintain consistent security practices across operations and the wider enterprise environment.
