Annex A
Overview of ISO 27001 requirements
Annex A of ISO 27001:2022 includes 93 controls grouped under four themes:
Organizational Controls (37)
People Controls (8)
Physical Controls (14)
Technological Controls (34)
Annex A controls must be selected based on your business’s risk profile. The controls that you include or exclude are documented with reasons in the Statement of Applicability.
As of 2022, Annex A contained 114 controls, but this was revised when ISO 27001:2022 was rolled out. The reduction is the result of a merging, renaming, and reclassification exercise. In addition, 11 new controls have been introduced to cover modern security concerns.