ISO 27001

Organisational controls

37 controls in this part of ISO/IEC 27001:2022 Annex A (clause 5, organisational controls). Each control links to plain-English guidance, audit tips and cross-framework mappings.

Annex A 5.1
Policies for information security
Annex A 5.2
Defining Information Security Roles and Responsibilities
Annex A 5.3
Segregation of Duties
Annex A 5.4
Management responsibilities for information security
Annex A 5.5
Establish and Maintain Contact with Authorities
Annex A 5.6
Contact with special interest groups
Annex A 5.7
Threat Intelligence Collection and Analysis
Annex A 5.8
Information security in project management
Annex A 5.9
Inventory management of information and associated assets
Annex A 5.10
Acceptable Use Policies for Information and Assets
Annex A 5.11
Return of Organisation's Assets upon Departure
Annex A 5.12
Information Classification Policy and Practices
Annex A 5.13
Labelling of Information
Annex A 5.14
Information Transfer Policies and Procedures
Annex A 5.15
Access Control Policies and Procedures
Annex A 5.16
Identity life cycle management
Annex A 5.17
Management of Authentication Information
Annex A 5.18
Managing Access Rights to Information Assets
Annex A 5.19
Managing Information Security in Supplier Relationships
Annex A 5.20
Integrating security clauses in supplier agreements
Annex A 5.21
Managing Information Security in the ICT Supply Chain
Annex A 5.22
Monitoring and Managing Supplier Services
Annex A 5.23
Cloud Service Security Management
Annex A 5.24
Information security incident management planning and preparation
Annex A 5.25
Assessment and decision on information security events
Annex A 5.26
Response to Information Security Incidents
Annex A 5.27
Learning from information security incidents
Annex A 5.28
Procedures for Collecting and Preserving Evidence
Annex A 5.29
Maintain information security during disruptions
Annex A 5.30
ICT Readiness for Business Continuity
Annex A 5.31
Compliance with Information Security Legal Requirements
Annex A 5.32
Intellectual Property Rights Protection
Annex A 5.33
Protection of Records
Annex A 5.34
Privacy and Protection of Personally Identifiable Information
Annex A 5.35
Independent review of information security
Annex A 5.36
Review compliance with information security policies
Annex A 5.37
Documented Operating Procedures for Information Processing

Back to the full ISO/IEC 27001:2022 control list, or browse the complete control library.