ISO 27001 114 Controls 14 domains

ISO 27001 Annex A

14 Domains of ISO 27001

ISO 27001 requires a company to implement the applicable controls within 14 domains.

There are 114 controls under 14 domains.

  • Information security policies – controls on how the policies are written and reviewed
  • Organization of information security – controls on how the responsibilities are assigned; also includes the controls for mobile devices and teleworking
  • Human resources security – controls prior to employment, during, and after the employment
  • Asset management – controls related to inventory of assets and acceptable use, also for information classification and media handling
  • Access control – controls for the Access Control Policy, user access management, system and application access control, and user responsibilities
  • Cryptography – controls related to encryption and key management
  • Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, secure disposal, Clear Desk and Clear Screen Policy, etc.
  • Operational security – many controls related to the management of IT production: change management, capacity management, malware, backup, logging, monitoring, installation, vulnerabilities, etc.
  • Communications security – controls related to network security, segregation, network services, transfer of information, messaging, etc.
  • System acquisition, development and maintenance – controls defining security requirements and security in development and support processes
  • Supplier relationships – controls on what to include in agreements, and how to monitor the suppliers
  • Information security incident management – controls for reporting events and weaknesses, defining responsibilities, response procedures, and collection of evidence
  • Information security aspects of business continuity management – controls requiring the planning of business continuity, procedures, verification and reviewing, and IT redundancy
  • Compliance – controls requiring the identification of applicable laws and regulations, intellectual property protection, personal data protection, and reviews of information security

thomascsyu
