Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What are the Annex A Controls?

Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. ISO 27001 comprises 114 controls divided into 14 sections, also known as domains. The sections are focused on information technology and beyond, taking into consideration the wide range of factors that can impact the security of an organization’s information environment. The 14 ISO domains cover organizational issues, human resources, IT, physical security, and legal issues. Organizations are not required to implement the entire list of ISO 27001’s controls but instead use it as a list of possibilities to consider based on their unique needs. 

Utilizing the 114 controls listed in Annex A, a company can select those applicable to its needs and the needs of its customers. The 14 domains are:

  • Information security policies (A.5)
  • Organization of information security and assignment of responsibility (A.6)
  • Human resources security (A.7)
  • Asset management (A.8)
  • User access control (A.9)
  • Encryption and management of sensitive information (A.10)
  • Physical and environmental security (A.11)
  • Operational security (A.12)
  • Communications security (A.13)
  • System acquisition, development, and maintenance (A.14)
  • Supplier relationships (A.15)
  • Information security incident management (A.16)
  • Information security aspects of business continuity management (A.17)
  • Compliance (A.18)

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
Demystifying the EU AI Act

Ready to Navigate the EU AI Act? Join us for our webinar, “Demystifying the EU AI Act” where we'll break down everything you need to know about this game-changing regulation.

Compliance
Event
How Traffyk.ai Used Compliance to Unlock Enterprise Opportunities

Watch our webinar with Traffyk.ai as we demystify the compliance process. We will explore how Traffyk.ai, a SaaS Employee Communications Performance Platform, leveraged Vanta’s automation to streamline their ISO 27001 certification process, ultimately helping them secure enterprise clients.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Join Vanta’s 45-minute live product demo on August 7th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo.

Compliance
Blog
4 takeaways from A-LIGN’s 2024 Compliance Benchmark Report

Get highlights from the report that companies can use to evaluate and enhance their current compliance strategies.