How does ISO 27001 help to protect your organisation?


Data and information protection is now a hot topic for the government, businesses and the public, particularly after significant cyber-attacks have drawn attention to the security weaknesses of large businesses and organisations such as NHS hospitals and local councils.

To help all organisations, large and small, keep their information safe and their reputations intact, ISO (the International Organization for Standardization), working jointly with the IEC, developed ISO/IEC 27001, the international Standard for information security management.

This Standard sets out the requirements for an information security management system (ISMS): a risk-based framework of policies, processes and controls that protects your information against cyber-attacks, theft and data leaks by establishing and maintaining best practice.

But ISO 27001 goes beyond IT. To give organisations the security they need, this comprehensive Standard encompasses all aspects of a business, developing risk management throughout for a robust culture of security.

This means that you will develop processes that cover the legal, physical, human and technical aspects of your organisation, protecting both digital and physical assets.

To do this, the Standard includes a diverse set of controls.

What controls does ISO 27001 include?

The 2013 edition of the Standard, which this article describes, contains 114 separate controls. Each control has been developed to help businesses cover a particular aspect of information protection. Every control must be considered; any control you choose not to apply has to be justified and recorded in your Statement of Applicability, typically because it is not relevant to your organisation's activities or the risks you have identified. (The 2022 revision restructures Annex A into 93 controls grouped under four themes: organisational, people, physical and technological.)

These controls are gathered together in a section known as Annex A, which is split into 14 categories (A.5 to A.18). These categories cover everything from writing information security policies to controlling who can access your systems.

You can see the full list of categories below:

Annex A.5: Information security policies

Annex A.6: Organisation of information security

Annex A.7: Human resource security

Annex A.8: Asset management

Annex A.9: Access control

Annex A.10: Cryptography

Annex A.11: Physical and environmental security

Annex A.12: Operations security

Annex A.13: Communications security

Annex A.14: System acquisition, development and maintenance

Annex A.15: Supplier relationships

Annex A.16: Information security incident management

Annex A.17: Information security aspects of business continuity management

Annex A.18: Compliance


By applying these controls within your ISMS, you can identify the legislation and regulations that apply to your organisation and demonstrate that you meet them, keep your security measures up to date through continual improvement, and manage your information security risks in a structured, auditable way.

To find out more about the controls of ISO 27001 and what they involve, head over to our dedicated web page, which includes a comprehensive summary of each control featured in the Standard.


About the author

Claire Price, Content Marketing Executive

Claire worked for Citation ISO Certification between 2020 and 2022 writing creative and informative content on ISO certification and consultation to help businesses reach their potential.
