The catalogue of information security controls in ISO/IEC 27001, grouped into organizational, people, physical, and technological themes.
Annex A of ISO/IEC 27001 is a reference catalogue of information security controls that organizations draw on when treating the risks identified in their risk assessment. The 2022 revision of the standard groups its 93 controls into four themes: organizational, people, physical, and technological (the 2013 edition had 114 controls spread across 14 clauses).
Annex A is not a checklist to be applied in full. Organizations choose controls from their risk treatment plan, compare that choice against Annex A to confirm no necessary control has been overlooked, and record each control's inclusion or exclusion, with a justification, in the Statement of Applicability. Detailed implementation guidance for each control lives in ISO/IEC 27002.
Related frameworks