CHAPTER 17: ISO27001 ANNEX A

ISO/IEC 27001:2013 Annex A has 14 major clauses or control areas numbered from A.5 to A.18, each of which identifies one or more control objectives. Each control objective is served by one or more controls. Every control is sequentially numbered.

There are, in total, 114 subclauses, each of which has an alphanumeric clause number.

Annex A is aligned with ISO27002; this means that precisely the same control objectives, controls, clause numbering and wording are used in both Annex A and in ISO27002. Note the clear statement that ‘the control objectives and controls listed in Annex A are not exhaustive and additional control objectives and controls may be needed’.1 The 14 control clauses of Annex A (it does not have ...
