The controls listed in Annex A of ISO 27001 have been updated in the new 2022 version of the standard to reflect the emergence of cloud technologies and the new threats that have emerged since the previous version was published back in 2013.
They essentially tell you what you should do to minimise (or eliminate) the risks associated with your information security management system (ISMS). One of the strengths of certification to ISO 27001 is the power of the controls listed in Annex A.
They have been split up into 4 different categories:
- Organisational controls
- People controls
- Physical controls
- Technological controls
Here, we start with some of the Organisational controls.