What are the Annex A Controls?
Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. The ISO 27001 framework is comprised of 93 controls divided into four sections, known as domains. The sections focus on information technology and beyond, considering a wide range of factors that can impact the security of an organization’s information environment.
The four Annex A control domains cover organizational, human resources, physical security, and technological implementation segments. Organizations aren’t required to implement all of the Annex A controls, but can use it as a list of controls to consider based on their needs.
The four control domains are:
- Organizational (A.5)
- People (A.6)
- Physical (A.7)
- Technological (A.8)
{{cta_withimage2="/cta-modules"}}




.png)
Join us for a live demo where we’ll walk you through the AI functionality within the Vanta platform and how it can simplify your compliance process. Plus, you’ll have the opportunity to ask live questions—whether it’s about AI specifically, compliance, or how to get started with Vanta.