ISO 27001
ISO 27001 security controls reference for information security management
25 articles
Control A.5.1: Policies for Information Security
ISO 27001 Control A.5.1 establishes the foundational requirement for comprehensive information security policies that provide strategic direction and...
ISO 27001 Control A.5.2: Information Security Roles and Responsibilities
ISO 27001 Control A.5.2 establishes the fundamental requirement for defining and allocating information security responsibilities throughout organizat...
ISO 27001 Control A.5.3: Segregation of Duties
ISO 27001 Control A.5.3 establishes the fundamental requirement for segregating conflicting duties to reduce opportunities for unauthorized or uninten...
ISO 27001 Control A.5.4: Management Responsibilities
ISO 27001 Control A.5.4 establishes the fundamental requirement for ensuring management direction and support for information security throughout orga...
ISO 27001 Control A.5.5: Contact with Authorities
ISO 27001 Control A.5.5 establishes the fundamental requirement for maintaining appropriate contacts with relevant authorities throughout organization...
ISO 27001 Control A.5.6: Contact with Special Interest Groups
ISO 27001 Control A.5.6 establishes the fundamental requirement for maintaining appropriate contacts with special interest groups, security forums, an...
ISO 27001 Control A.5.7: Threat Intelligence
ISO 27001 Control A.5.7 establishes the fundamental requirement for collecting, analyzing, and utilizing information relating to information security...
ISO 27001 Control A.5.8: Information Security in Project Management
ISO 27001 Control A.5.8 establishes the fundamental requirement for integrating information security into project management throughout organizational...
ISO 27001 Control A.5.9: Inventory of Information and Other Associated Assets
ISO 27001 Control A.5.9 establishes the fundamental requirement for identifying organizational assets and defining appropriate protection responsibili...
ISO 27001 Control A.5.10: Acceptable Use of Information and Other Associated Assets
ISO 27001 Control A.5.10 establishes the fundamental requirement for identifying, documenting, and implementing rules for the acceptable use and proce...
Control A.5.21: Managing Information Security in ICT Supply Chain
ISO 27001 Control A.5.21 establishes comprehensive requirements for managing information security throughout Information and Communication Technology...
Control A.5.22: Addressing Information Security Within Supplier Agreements
ISO 27001 Control A.5.22 establishes comprehensive requirements for embedding information security requirements within supplier agreements, creating c...
Control A.5.23: Information Security for Use of Cloud Services
ISO 27001 Control A.5.23 establishes comprehensive requirements for managing information security throughout cloud service utilization, creating busin...
Control A.5.24: Information Security Incident Management Planning
ISO 27001 Control A.5.24 establishes comprehensive requirements for information security incident management planning, creating a business foundation fo...
Control A.5.25: Assessment and Decision on Information Security Events
ISO 27001 Control A.5.25 establishes comprehensive requirements for assessing and making decisions regarding information security events, creating a bus...
Control A.5.26: Response to Information Security Incidents
ISO 27001 Control A.5.26 establishes comprehensive requirements for responding to information security incidents, creating a business foundation for ope...
Control A.5.27: Learning from Information Security Incidents
ISO 27001 Control A.5.27 establishes comprehensive requirements for learning from information security incidents, creating a business foundation for con...
Control A.5.28: Collection of Evidence
ISO 27001 Control A.5.28 establishes comprehensive requirements for collecting evidence of information security activities, creating a business foundati...
Control A.5.29: Information Security During Disruption
ISO 27001 Control A.5.29 establishes comprehensive requirements for maintaining information security during business disruptions, creating business fo...
Control A.5.30: ICT Readiness for Business Continuity
ISO 27001 Control A.5.30 establishes comprehensive requirements for ICT readiness supporting business continuity, creating a business foundation for tec...
Control A.5.31: Legal, Statutory, Regulatory and Contractual Requirements
ISO 27001 Control A.5.31 establishes comprehensive requirements for managing legal, statutory, regulatory, and contractual obligations, creating busin...
Control A.5.32: Intellectual Property Rights
ISO 27001 Control A.5.32 establishes comprehensive requirements for protecting intellectual property rights, creating a business foundation for innovati...
Control A.5.33: Protection of Records
ISO 27001 Control A.5.33 establishes comprehensive requirements for protecting organizational records, creating a business foundation for information go...
Control A.5.34: Privacy and Protection of Personally Identifiable Information (PII)
ISO 27001 Control A.5.34 establishes comprehensive requirements for privacy and protection of personally identifiable information, creating business f...
Control A.5.35: Independent Review of Information Security
ISO 27001 Control A.5.35 establishes comprehensive requirements for independent review of information security, creating a business foundation for gover...