Iso 27001:2022 Controls: Recognize The List Of Isms Controls

By Author: John
Total Articles: 300
Comment this article

ISO 27001 is a widely used and internationally recognized certification for information security management systems that demonstrates a commitment to the protection of confidential information. Through a carefully selected list of security controls, the ISO 27001 ISMS framework extends all domains of an organization, focusing on its people, processes, and technology.

Information security controls are procedures and policies that organizations implement to reduce information security risks. Also, ISO 27001:2022 ISMS standard mandates organizations to establish controls that fulfil their information security management system requirements. The ISO 27001 ISMS document includes Annex A, which outlines all Documents for ISO 27001:2022 controls and groups them into 14 categories (referred to as control objectives and controls). Annex A describes each objective and control to assist organizations in deciding which ones to use. Let's take a closer look at the Annex A Controls.

• Annex A.5 – Information Security Policies
o Annex A.5.1 - Management direction for information security.

• Annex A.6 – ...
... Organization of Information Security:
o Annex A.6.1 - The internal organization.
o Annex A.6.2 - Mobile devices and teleworking.

• Annex A.7 – Human Resource Security:
o Annex A.7.1 - Before employment.
o Annex A.7.2 - Ensure that employees and contractors are aware of and fulfill their information security responsibilities.
o Annex A.7.3 - Termination and change of employment.

• Annex A.8 – Asset Management:
o Annex A.8.1 - The responsibility of assets.
o Annex A.8.2 - Information classification.
o Annex A.8.3 - Media handling.

• Annex A.9 – Access Control:
o Annex A.9.1 - The business requirements of access control.
o Annex A.9.2 - User access management.
o Annex A.9.3 - User responsibilities.
o Annex A.9.4 - System and application access control.

• Annex A.10 – Cryptography:
o Annex A.10.1 - Cryptographic controls.

• Annex A.11 – Physical & Environmental Security:
o Annex A.11.1 - Ensuring secure physical and environmental areas.
o Annex A.11.2 - Equipment.

• Annex A.12 – Operations Security:
o Annex A.12.1 - Operational procedures and responsibilities.
o Annex A.12.2 - Protection from malware.
o Annex A.12.3 - Backup.
o Annex A.12.4 - Logging and monitoring.
o Annex A.12.5 - Control of operational software.
o Annex A.12.6 - Technical vulnerability management.
o Annex A.12.7 - Information systems and audit considerations.

• Annex A.13 – Communications Security:
o Annex A.13.1 - Network security management.
o Annex A.13.2 - Information transfer.

• Annex A.14 – System Acquisition, Development & Maintenance:
o Annex A.14.1 - Security requirements of information systems.

• Annex A.15 – Supplier Relationships:
o Annex A.15.1 - Information security in supplier relationships.
o Annex A.15.2 - Supplier service development management.

• Annex A.16 – Information Security Incident Management:
o Annex A.16.1 - The management of information security incidents, events, and weaknesses.

• Annex A.17 – Information Security Aspects of Business Continuity Management:
o Annex A.17.1 - Information security continuity.
o Annex A.17.2 - Redundancies.

• Annex A.18 – Compliance:
o Annex A.18.1 - Compliance with legal and contractual requirements.

Source: https://27001securitycertification.wordpress.com/2023/03/24/iso-270012022-controls-recognize-the-list-of-isms-controls/