ISO 27001 Controls and Domains

The Annex A of ISO/IEC 27001:2013 groups its reference controls into 14 domains (clauses A.5 to A.18), comprising a total of 114 controls. Note that the 2022 revision of the standard reorganized Annex A into 4 themes (organizational, people, physical, technological) with 93 controls, so the breakdown below applies to the 2013 edition. These domains and controls form the backbone of an effective Information Security Management System (ISMS). Here's a high-level introduction:

  1. Information Security Policies (A.5, 2 controls): Establish, approve, and periodically review security policies.

  2. Organization of Information Security (A.6, 7 controls): Set up a framework for managing security, including roles, segregation of duties, mobile devices, and teleworking.

  3. Human Resource Security (A.7, 6 controls): Ensure security from pre-employment screening through employment to termination or change of role.

  4. Asset Management (A.8, 10 controls): Inventory and classify assets, assign ownership, and handle media securely.

  5. Access Control (A.9, 14 controls): Restrict access to information and systems based on business need, covering user registration, privileged access, and authentication.

  6. Cryptography (A.10, 2 controls): Ensure proper use of cryptography and management of cryptographic keys.

  7. Physical and Environmental Security (A.11, 15 controls): Protect secure areas and equipment against unauthorized access, damage, and interference.

  8. Operations Security (A.12, 14 controls): Secure day-to-day operations, including change management, malware protection, backup, logging, and vulnerability management.

  9. Communications Security (A.13, 7 controls): Secure network services and information transfer.

  10. System Acquisition, Development, and Maintenance (A.14, 13 controls): Integrate security requirements and secure engineering into the development lifecycle and test data handling.

  11. Supplier Relationships (A.15, 5 controls): Manage risks from supplier access and monitor supplier service delivery.

  12. Information Security Incident Management (A.16, 7 controls): Plan for, report, assess, respond to, and learn from security incidents, including evidence collection.

  13. Information Security Aspects of Business Continuity Management (A.17, 4 controls): Maintain security and availability of information processing during disruptions.

  14. Compliance (A.18, 8 controls): Ensure adherence to legal, regulatory, and contractual requirements and conduct independent security reviews.

These controls collectively help organizations manage information security risks and protect their information assets. Annex A is a reference list, not a checklist: an organization selects the controls that address the risks identified in its risk assessment and documents which ones apply, and why any are excluded, in its Statement of Applicability.
