What are the Annex A Controls?
Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. ISO 27001 comprises 114 controls divided into 14 sections, also known as domains. The sections are focused on information technology and beyond, taking into consideration the wide range of factors that can impact the security of an organization’s information environment. The 14 ISO domains cover organizational issues, human resources, IT, physical security, and legal issues. Organizations are not required to implement the entire list of ISO 27001’s controls but instead use it as a list of possibilities to consider based on their unique needs.
Utilizing the 114 controls listed in Annex A, a company can select those applicable to its needs and the needs of its customers. The 14 domains are:
- Information security policies (A.5)
- Organization of information security and assignment of responsibility (A.6)
- Human resources security (A.7)
- Asset management (A.8)
- User access control (A.9)
- Encryption and management of sensitive information (A.10)
- Physical and environmental security (A.11)
- Operational security (A.12)
- Communications security (A.13)
- System acquisition, development, and maintenance (A.14)
- Supplier relationships (A.15)
- Information security incident management (A.16)
- Information security aspects of business continuity management (A.17)
- Compliance (A.18)
Additional resources you might like:
Coffee and Compliance: Building Trust to Drive Business Growth
Join our live webinar on May 23 at 12 PM where VP of Product Chase Lee, and Staff Product Manager Sanjay Padval as they demonstrate a brief overview and provide guidance on advancing your security program beyond building or improving. Learn how to enhance customer satisfaction and gain a competitive advantage, accelerating your business growth.
Café et compliance : les clés pour booster sa croissance en tant que startup
Pour vendre à des entreprises, les startups doivent garantir la protection des données de leurs clients en prouvant qu’elles ont mis en place les bonnes pratiques de sécurité. Pour cela, elles peuvent obtenir une certification comme la norme ISO 27001. Ce webinar explique les différents contrôles de sécurité à effectuer, les avantages de la certification et comment automatiser jusqu'à 90% du processus avec Vanta. Sébastien, CTO et co-fondateur de Leeway reviendra sur son expérience avec Vanta, et les participants pourront échanger avec notre responsable commerciale en France et notre expert en certification.
Introducing Vanta Workspaces
We’re thrilled to announce Vanta Workspaces, a new capability in our platform that enables complex organizations with multiple business units to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account.
