ISO 27001 Annex A Controls

Browse all 93 ISO/IEC 27001:2022 Annex A controls. Each control includes plain-language guidance, implementation tips, audit evidence requirements, and cross-framework mappings to the ASD Essential Eight and ASD Information Security Manual.

What are ISO 27001 Annex A controls?

ISO/IEC 27001:2022 Annex A defines 93 information security controls grouped into four domains: Organisational (37 controls), People (8 controls), Physical (14 controls), and Technological (34 controls). These controls form the basis of any Statement of Applicability (SoA) and are essential for organisations building or certifying an Information Security Management System (ISMS).

Control Stack maps every Annex A control to corresponding requirements in the ASD Essential Eight and ASD Information Security Manual, so you can see how a single implementation action satisfies multiple frameworks at once.

Using this reference

This page lists every control from ISO/IEC 27001:2022 Annex A as published by the International Organization for Standardization. Use the sidebar filters to narrow by domain (Organisational, People, Physical, Technological), control effect (Preventive, Detective, Corrective), or topic tags. Click any control to see its full plain-language explanation, implementation tips, audit evidence checklist, and mappings to related ASD Essential Eight and ISM controls.

Building a Statement of Applicability? Browse by domain to systematically work through each control group. Preparing for an audit? Filter by control effect to review your detective and corrective controls. Planning an ISMS from scratch? View the full cross-framework controls library to see how ISO 27001 maps to Australian government frameworks.