ISO 27001
D- Control objectives and controls
Annex A of the ISO 27001 standard presents a table listing the Control Objectives and Controls: these must be chosen as part of the ISMS process.
The objectives and controls are directly derived from and aligned with the ISO 27002 standard (which represents a guideline for the implementation of the ISMS) and are not an exhaustive list: an organization can consider additional control objectives.
The Annex A table includes 10 control points containing a total of 39 objectives and 133 controls: the organization will not necessarily have to apply all of them, but it will have to indicate in the Statement of Applicability document which controls it has decided not to apply, together with the relevant motivation.
- A.5- Information Security Policies
- A.6- Organization of Information security
- A.7- Human resource security
- A.8- Asset Management
- A.9- Access control
- A.10- Cryptography
- A.11- Physical and environmental security
- A.12- Operations Security
- A.13- Communication security
- A.14- System acquisition, development and maintenance
- A.15- Supplier relationships
- A.16- Information security incident management
- A.17- Information security aspects of Business Continuity Management
- A.18- Compliance