What are Annex A controls?

Annex A outlines all ISO 27001 controls and groups them into categories (referred to as control objectives) to help organizations decide which controls to implement in their pursuit of ISO 27001 compliance.

Annex A control categories include: 

A.5- Information security policies

A.6- Organization of information security

A.7- Human resource security

A.8- Asset management

A.9- Access control

A.10- Cryptography

A.11- Physical and environmental security

A. 12- Operations security

A.13- Communications security

A.14- System acquisition, development, & maintenance

A.15- Supplier relationships

A.16- Information security incident management

A.17- Information security aspects of business continuity management

A.18- Compliance