Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icon

What are the Annex A Controls?


Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. ISO 27001 comprises 114 controls divided into 14 sections, also known as domains. The sections are focused on information technology and beyond, taking into consideration the wide range of factors that can impact the security of an organization’s information environment. The 14 ISO domains cover organizational issues, human resources, IT, physical security, and legal issues. Organizations are not required to implement the entire list of ISO 27001’s controls but instead use it as a list of possibilities to consider based on their unique needs. 


Utilizing the 114 controls listed in Annex A, a company can select those applicable to its needs and the needs of its customers. The 14 domains are:

  • Information security policies (A.5)
  • Organization of information security and assignment of responsibility (A.6)
  • Human resources security (A.7)
  • Asset management (A.8)
  • User access control (A.9)
  • Encryption and management of sensitive information (A.10)
  • Physical and environmental security (A.11)
  • Operational security (A.12)
  • Communications security (A.13)
  • System acquisition, development, and maintenance (A.14)
  • Supplier relationships (A.15)
  • Information security incident management (A.16)
  • Information security aspects of business continuity management (A.17)
  • Compliance (A.18)

Related Terms

Additional resources you might like:

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Additional resources you might like:

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Compliance
Blog
3 trends shaping the future of GRC and how to adapt today

Managing GRC today still requires a ton of manual work—but it doesn’t have to. Find how the future of GRC is evolving and how you can adapt today.

Compliance
Event
Audit Prep Excellence: Your Path to Success

Join our interactive webinar featuring experts in compliance auditing for a live Q&A session. We'll dive into essential tips for preparing for various compliance audits, guide you through the nuances of both ISO 27001 and SOC 2 standards, and discuss best practices for maintaining continuous compliance.

Product updates
Event
What's New in Vanta: July

Are you curious about new Vanta features? Join Vanta's 'What's New in Vanta' webinar to discover new features and enhancements. Register now!

Compliance
Event
How Fireant Achieved ISO 27001 Compliance Fast & Secured Government Business

Join Vanta and FireAnt as we demystify the compliance journey. We will explore how FireAnt, a Sydney-based software provider, leveraged Vanta’s automation to streamline their ISO 27001 certification process and unlock new business opportunities.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo on July 9th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Get compliant and build trust—fast

Request a demo
G2 BadgeG2 BadgeG2 Badge