Annex A - Organizational Controls

| No. | Annex A - Control Type | ISO/IEC 27001:2022 Annex A Identifier | ISO/IEC 27001:2013 Annex A Identifier | Annex A - Name |
|---|---|---|---|---|
| 1 | Organizational Controls | Annex A 5.1 | Annex A 5.1.1, Annex A 5.1.2 | Policies for Information Security |
| 2 | Organizational Controls | Annex A 5.2 | Annex A 6.1.1 | Information Security Roles and Responsibilities |
| 3 | Organizational Controls | Annex A 5.3 | Annex A 6.1.2 | Segregation of Duties |
| 4 | Organizational Controls | Annex A 5.4 | Annex A 7.2.1 | Management Responsibilities |
| 5 | Organizational Controls | Annex A 5.5 | Annex A 6.1.3 | Contact With Authorities |
| 6 | Organizational Controls | Annex A 5.6 | Annex A 6.1.4 | Contact With Special Interest Groups |
| 7 | Organizational Controls | Annex A 5.7 | NEW | Threat Intelligence |
| 8 | Organizational Controls | Annex A 5.8 | Annex A 6.1.5, Annex A 14.1.1 | Information Security in Project Management |
| 9 | Organizational Controls | Annex A 5.9 | Annex A 8.1.1, Annex A 8.1.2 | Inventory of Information and Other Associated Assets |
| 10 | Organizational Controls | Annex A 5.10 | Annex A 8.1.3, Annex A 8.2.3 | Acceptable Use of Information and Other Associated Assets |
| 11 | Organizational Controls | Annex A 5.11 | Annex A 8.1.4 | Return of Assets |
| 12 | Organizational Controls | Annex A 5.12 | Annex A 8.2.1 | Classification of Information |
| 13 | Organizational Controls | Annex A 5.13 | Annex A 8.2.2 | Labeling of Information |
| 14 | Organizational Controls | Annex A 5.14 | Annex A 13.2.1, Annex A 13.2.2, Annex A 13.2.3 | Information Transfer |
| 15 | Organizational Controls | Annex A 5.15 | Annex A 9.1.1, Annex A 9.1.2 | Access Control |
| 16 | Organizational Controls | Annex A 5.16 | Annex A 9.2.1 | Identity Management |
| 17 | Organizational Controls | Annex A 5.17 | Annex A 9.2.4, Annex A 9.3.1, Annex A 9.4.3 | Authentication Information |
| 18 | Organizational Controls | Annex A 5.18 | Annex A 9.2.2, Annex A 9.2.5, Annex A 9.2.6 | Access Rights |
| 19 | Organizational Controls | Annex A 5.19 | Annex A 15.1.1 | Information Security in Supplier Relationships |
| 20 | Organizational Controls | Annex A 5.20 | Annex A 15.1.2 | Addressing Information Security Within Supplier Agreements |
| 21 | Organizational Controls | Annex A 5.21 | Annex A 15.1.3 | Managing Information Security in the ICT Supply Chain |
| 22 | Organizational Controls | Annex A 5.22 | Annex A 15.2.1, Annex A 15.2.2 | Monitoring, Review and Change Management of Supplier Services |
| 23 | Organizational Controls | Annex A 5.23 | NEW | Information Security for Use of Cloud Services |
| 24 | Organizational Controls | Annex A 5.24 | Annex A 16.1.1 | Information Security Incident Management Planning and Preparation |
| 25 | Organizational Controls | Annex A 5.25 | Annex A 16.1.4 | Assessment and Decision on Information Security Events |
| 26 | Organizational Controls | Annex A 5.26 | Annex A 16.1.5 | Response to Information Security Incidents |
| 27 | Organizational Controls | Annex A 5.27 | Annex A 16.1.6 | Learning From Information Security Incidents |
| 28 | Organizational Controls | Annex A 5.28 | Annex A 16.1.7 | Collection of Evidence |
| 29 | Organizational Controls | Annex A 5.29 | Annex A 17.1.1, Annex A 17.1.2, Annex A 17.1.3 | Information Security During Disruption |
| 30 | Organizational Controls | Annex A 5.30 | NEW | ICT Readiness for Business Continuity |
| 31 | Organizational Controls | Annex A 5.31 | Annex A 18.1.1, Annex A 18.1.5 | Legal, Statutory, Regulatory and Contractual Requirements |
| 32 | Organizational Controls | Annex A 5.32 | Annex A 18.1.2 | Intellectual Property Rights |
| 33 | Organizational Controls | Annex A 5.33 | Annex A 18.1.3 | Protection of Records |
| 34 | Organizational Controls | Annex A 5.34 | Annex A 18.1.4 | Privacy and Protection of PII |
| 35 | Organizational Controls | Annex A 5.35 | Annex A 18.2.1 | Independent Review of Information Security |
| 36 | Organizational Controls | Annex A 5.36 | Annex A 18.2.2, Annex A 18.2.3 | Compliance With Policies, Rules and Standards for Information Security |
| 37 | Organizational Controls | Annex A 5.37 | Annex A 12.1.1 | Documented Operating Procedures |