What are the 14 domains under ISO 27001 list of controls

ISO 27001 is a widely recognized international standard for managing information security. The standard outlines a set of requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization. The standard provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.

The standard is organized into 14 sections, also known as domains, which cover various aspects of information security management. Each domain consists of a set of controls that an organization needs to consider when implementing an ISMS. Here are the 14 domains and their respective controls:

1. Context of the Organization:
   • 4.1 Understanding the organization and its context
   • 4.2 Understanding the needs and expectations of interested parties
   • 4.3 Determining the scope of the information security management system
   • 4.4 Information security management system

2. Leadership:
   • 5.1 Leadership and commitment
   • 5.2 Policy
   • 5.3 Organizational roles, responsibilities, and authorities

3. Planning:
   • 6.1 Actions to address risks and opportunities
   • 6.2 Information security objectives and planning to achieve them

4. Support:
   • 7.1 Resources
   • 7.2 Competence
   • 7.3 Awareness
   • 7.4 Communication
   • 7.5 Documented information

5. Operation:
   • 8.1 Operational planning and control

6. Performance Evaluation:
   • 9.1 Monitoring, measurement, analysis, and evaluation
   • 9.2 Internal audit
   • 9.3 Management review

7. Improvement:
   • 10.1 Nonconformity and corrective action
   • 10.2 Continual improvement

These domains and controls form the basis for establishing, implementing, maintaining, and improving an effective ISMS within an organization according to the ISO 27001 standard.