# ISO 27001 Controls and Domains

ISO 27001 is structured around 14 domains, comprising a total of 114 controls. These domains and controls form the backbone of an effective Information Security Management System (ISMS). Here's a high-level introduction:

1. **Information Security Policies** (2 controls): Establish and review security policies.
2. **Organization of Information Security** (7 controls): Set up a framework for managing security.
3. **Human Resource Security** (6 controls): Ensure security from pre-employment to termination.
4. **Asset Management** (10 controls): Manage assets and assign ownership.
5. **Access Control** (14 controls): Restrict access to information based on business needs.
6. **Cryptographic Controls** (2 controls): Ensure proper use and management of cryptography.
7. **Physical and Environmental Security** (15 controls): Protect physical areas and equipment.
8. **Operational Security** (14 controls): Secure operations and ensure system integrity.
9. **Communications Security** (7 controls): Secure network services and data transfer.
10. **System Acquisition, Development, and Maintenance** (13 controls): Integrate security in the development lifecycle.
11. **Supplier Relationships** (5 controls): Manage risks from supplier interactions.
12. **Information Security Incident Management** (7 controls): Plan and respond to security incidents.
13. **Information Security Aspects of Business Continuity Management** (4 controls): Maintain security during disruptions.
14. **Compliance** (8 controls): Ensure adherence to legal, regulatory, and contractual requirements.

These controls collectively help organizations manage information security risks and protect their information assets effectively.


