ISO 27001 Controls
Exploring the controls of Annex A
Organisational – 37 Controls
Physical – 14 Controls
People – 8 Controls
Technological – 34 Controls
Welcome to the ISO 27001 Annex A Control Guide
At the heart of ISO 27001 is Annex A—a structured set of 93 security controls designed to help organisations identify, manage, and mitigate security risks effectively.
These controls are grouped into four key families, covering everything from policies and procedures to technology and physical security.
Each section provides a clear, easy-to-follow breakdown of the controls, why they matter, and how to implement them.
🔹 Organisational Controls – Policies, roles, risk management, supplier security, incident response & more.
🔹 People Controls – Employee training, awareness, screening, and HR-related security.
🔹 Physical Controls – Office security, asset protection, environmental safeguards.
🔹 Technological Controls – Access control, cryptography, malware protection, system security.
Each control is explained in plain language, with guidance on best practices and implementation.