Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Annex A Controls

Training Camp • Cybersecurity Glossary

What is Annex A Controls?

Annex A controls are ISO 27001 reference security controls; the 2022 version has 93 controls across organizational, people, physical, and technological themes.

Glossary > Governance, Risk & Compliance > Annex A Controls

Understanding Annex A Controls

Annex A controls are the set of reference information security controls listed in Annex A of the ISO/IEC 27001 standard, drawn from ISO/IEC 27002. In the 2022 revision, the controls were restructured into 93 controls across four themes, organizational, people, physical, and technological, replacing the previous 114 controls in 14 domains. Organizations select applicable controls based on risk assessment and document their decisions in a Statement of Applicability.

Learn More About Annex A Controls:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →