How many controls are there in ISO 27001?

  • Information security policies (2 controls): how policies are written and reviewed.
  • Organization of information security (7 controls): the assignment of responsibilities for specific tasks.
  • Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they’ve left or changed roles.
  • Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
  • Access control (14 controls): ensuring that employees can only view information that’s relevant to their job role.
  • Cryptography (2 controls): the encryption and key management of sensitive information.
  • Physical and environmental security (15 controls): securing the organization’s premises and equipment.
  • Operations security (14 controls): ensuring that information processing facilities are secure.
  • Communications security (7 controls): how to protect information in networks.
  • System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organization’s systems.
  • Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.
  • Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.
  • Information security aspects of business continuity management (4 controls): how to address business disruptions.
  • Compliance (8 controls): how to identify the laws and regulations that apply to your organization.