ISO 27001-2022 - Controls
Annex A controls have been both reduced and restructured in the updated
ISO/IEC 27001:2022: the number of controls decreased from 114 to 93, and they
are now categorized into four overarching groups (organizational, people,
physical, and technological) instead of 14 domains.
The good news is that these changes make the standard easier to digest and simpler
to implement. Here's more information on each domain, where to find it, and a
non-exhaustive list of the types of controls it contains.
Section 5, Organizational (37 controls)
Organizational information policies
Cloud service use
Asset use
Section 6, People (8 controls)
Remote work
Confidentiality
Non-disclosures
Screening
Section 7, Physical (14 controls)
Security monitoring
Storage media
Maintenance
Facilities security
Section 8, Technological (34 controls)
Authentication
Encryption
Data leak prevention