Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What are the Annex A Controls?


Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. ISO 27001 comprises 114 controls divided into 14 sections, also known as domains. The sections are focused on information technology and beyond, taking into consideration the wide range of factors that can impact the security of an organization’s information environment. The 14 ISO domains cover organizational issues, human resources, IT, physical security, and legal issues. Organizations are not required to implement the entire list of ISO 27001’s controls but instead use it as a list of possibilities to consider based on their unique needs. 


Utilizing the 114 controls listed in Annex A, a company can select those applicable to its needs and the needs of its customers. The 14 domains are:

  • Information security policies (A.5)
  • Organization of information security and assignment of responsibility (A.6)
  • Human resources security (A.7)
  • Asset management (A.8)
  • User access control (A.9)
  • Encryption and management of sensitive information (A.10)
  • Physical and environmental security (A.11)
  • Operational security (A.12)
  • Communications security (A.13)
  • System acquisition, development, and maintenance (A.14)
  • Supplier relationships (A.15)
  • Information security incident management (A.16)
  • Information security aspects of business continuity management (A.17)
  • Compliance (A.18)

Additional resources you might like:

Company news
Blog
VantaCon UK highlights: See the future of trust in an AI world

From product announcements to panel discussions, watch highlights and recordings from VantaCon UK.

Product updates
Blog
Announcing Vanta’s industry-first partnership to automate HITRUST e1

Vanta has partnered with HITRUST to be the first automated compliance solution of the HITRUST e1 Assessment, helping you demonstrate your commitment to information protection.

Compliance
Event
Demonstrating your information protection practices with HITRUST

Join Vanta and HITRUST for a Coffee and Compliance session where we’ll cover everything HITRUST e1.

Additional resources you might like:

Company news
Blog
VantaCon UK highlights: See the future of trust in an AI world

From product announcements to panel discussions, watch highlights and recordings from VantaCon UK.

Product updates
Blog
Announcing Vanta’s industry-first partnership to automate HITRUST e1

Vanta has partnered with HITRUST to be the first automated compliance solution of the HITRUST e1 Assessment, helping you demonstrate your commitment to information protection.

Compliance
Event
Demonstrating your information protection practices with HITRUST

Join Vanta and HITRUST for a Coffee and Compliance session where we’ll cover everything HITRUST e1.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

Join Vanta and Kobalt.io as we discuss what to consider when scaling your GRC program.

Compliance
Event
How to streamline security reviews with Trust Center

As the number and severity of third-party breaches continue to rise, companies are scrutinizing more closely not just on how they handle data, but how their vendors do as well. For security leaders, this means more security reviews are coming across their desks every day. Join us to learn how Vanta Trust Center can help streamline security reviews.

Compliance
Event
How to automate ISO 27001 and SOC 2 compliance

Join Vanta’s 45-minute live product demo on 21 May at 11 am BST. Two of our team members will walk you through the platform and answer questions throughout the session.

Compliance
Event
How to automate SOC 2 & ISO 27001 compliance

Join Vanta’s 45-minute live product demo on May 29 at 10 am PST. Two of our team members will walk you through the platform and answer questions throughout the session.

SOC 2
Event
Ask Me (Almost) Anything: Post-Audit Planning and Excellence

Navigate post-audit success with Vanta & A-LIGN. Get expert advice on leveraging findings for growth. Register for access or recording.

Company news
Blog
Celebrating international momentum at our first-ever VantaCon UK

We’re thrilled to host our first-ever VantaCon UK in London today as we continue to accelerate international momentum and expand our global footprint.

Get compliant and
build trust, fast.

Two wind turbines on a white background.
Get compliant and build trust,
fast.
Get started