Skip to content
arrow_back
verifiedISO 27001

Technological controls

34 controls in this part of theISO 27001. Each control links to plain-English guidance, audit tips and cross-framework mappings.

Annex A 8.1
Protection of User Endpoint Devices
Annex A 8.2
Management of Privileged Access Rights
Annex A 8.3
Restrict access to information and assets
Annex A 8.4
Access management for source code and tools
Annex A 8.5
Secure authentication technologies and procedures
Annex A 8.6
Capacity Management for Resource Use
Annex A 8.7
Protection against malware
Annex A 8.8
Management of Technical Vulnerabilities
Annex A 8.9
Configuration Management for Secure IT Systems
Annex A 8.10
Secure deletion of information when no longer needed
Annex A 8.11
Data Masking for Sensitive Information
Annex A 8.12
Data Leakage Prevention Measures
Annex A 8.13
Backup and Recovery Procedures for Data
Annex A 8.14
Redundancy of Information Processing Facilities
Annex A 8.15
Logging of Activities and Events
Annex A 8.16
Monitoring Networks and Systems for Anomalous Behaviour
Annex A 8.17
Clock synchronisation for information systems
Annex A 8.18
Use of Privileged Utility Programs
Annex A 8.19
Secure Software Installation Procedures
Annex A 8.20
Network and Network Devices Security
Annex A 8.21
Security of Network Services
Annex A 8.22
Network Segregation for Security
Annex A 8.23
Web Filtering to Reduce Malicious Website Exposure
Annex A 8.24
Effective Use of Cryptography and Key Management
Annex A 8.25
Secure Development Lifecycle
Annex A 8.26
Defining Security Requirements for Applications
Annex A 8.27
Secure system architecture and engineering principles
Annex A 8.28
Secure Coding Practices in Software Development
Annex A 8.29
Security testing in development and acceptance
Annex A 8.30
Management of Outsourced System Development
Annex A 8.31
Separation of Development, Test, and Production Environments
Annex A 8.32
Change management procedures for information systems
Annex A 8.33
Test Information Selection and Protection
Annex A 8.34
Protection of information systems during audits

Back to the full ISO/IEC 27001:2022 control list, or browse the complete control library.