| A.5.1 | Policies for Information Security | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.1-policies-for-information-security.md |
| A.5.2 | Information Security Roles and Responsibilities | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.2-information-security-roles-and-responsibilities.md |
| A.5.3 | Segregation of Duties | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.3-segregation-of-duties.md |
| A.5.4 | Management Responsibilities | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.4-management-responsibilities.md |
| A.5.5 | Contact with Authorities | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.5-contact-with-authorities.md |
| A.5.6 | Contact with Special Interest Groups | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.6-contact-with-special-interest-groups.md |
| A.5.7 | Threat Intelligence | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.7-threat-intelligence.md |
| A.5.8 | Information Security in Project Management | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.8-information-security-in-project-management.md |
| A.5.9 | Inventory of Information and Other Associated Assets | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.9-inventory-of-information-and-other-associated-assets.md |
| A.5.10 | Acceptable Use of Information and Other Associated Assets | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.10-acceptable-use-of-information-and-other-associated-assets.md |
| A.5.11 | Return of Assets | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.11-return-of-assets.md |
| A.5.12 | Classification of Information | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.12-classification-of-information.md |
| A.5.13 | Labelling of Information | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.13-labelling-of-information.md |
| A.5.14 | Information Transfer | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.14-information-transfer.md |
| A.5.15 | Access Control | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.15-access-control.md |
| A.5.16 | Identity Management | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.16-identity-management.md |
| A.5.17 | Authentication Information | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.17-authentication-information.md |
| A.5.18 | Access Rights | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.18-access-rights.md |
| A.5.19 | Information Security in Supplier Relationships | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.19-information-security-in-supplier-relationships.md |
| A.5.20 | Addressing Information Security within Supplier Agreements | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.20-addressing-information-security-within-supplier-agreements.md |
| A.5.21 | Managing Information Security in the ICT Supply Chain | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.21-managing-information-security-in-the-ict-supply-chain.md |
| A.5.22 | Monitoring, Review, and Change Management of Supplier Services | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.22-monitoring-review-and-change-management-of-supplier-services.md |
| A.5.23 | Information Security for Use of Cloud Services | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.23-information-security-for-use-of-cloud-services.md |
| A.5.24 | Information Security Incident Management Planning and Preparation | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.24-information-security-incident-management-planning-and-preparation.md |
| A.5.25 | Assessment and Decision on Information Security Events | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.25-assessment-and-decision-on-information-security-events.md |
| A.5.26 | Response to Information Security Incidents | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.26-response-to-information-security-incidents.md |
| A.5.27 | Learning from Information Security Incidents | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.27-learning-from-information-security-incidents.md |
| A.5.28 | Collection of Evidence | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.28-collection-of-evidence.md |
| A.5.29 | Information Security During Disruption | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.29-information-security-during-disruption.md |
| A.5.30 | ICT Readiness for Business Continuity | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.30-ict-readiness-for-business-continuity.md |
| A.5.31 | Legal, Statutory, Regulatory, and Contractual Requirements | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.31-legal-statutory-regulatory-and-contractual-requirements.md |
| A.5.32 | Intellectual Property Rights | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.32-intellectual-property-rights.md |
| A.5.33 | Protection of Records | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.33-protection-of-records.md |
| A.5.34 | Privacy and Protection of Personal Identifiable Information (PII) | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.34-privacy-and-protection-of-personal-identifiable-information-pii.md |
| A.5.35 | Independent Review of Information Security | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.35-independent-review-of-information-security.md |
| A.5.36 | Compliance with Policies, Rules, and Standards for Information Security | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.36-compliance-with-policies-rules-and-standards-for-information-security.md |
| A.5.37 | Documented Operating Procedures | Y | | Planned | | | | ISO 27001:2022/A.5-organizational-controls/A.5.37-documented-operating-procedures.md |
| A.6.1 | Screening | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.1-screening.md |
| A.6.2 | Terms and Conditions of Employment | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.2-terms-and-conditions-of-employment.md |
| A.6.3 | Information Security Awareness, Education, and Training | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.3-information-security-awareness-education-and-training.md |
| A.6.4 | Disciplinary Process | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.4-disciplinary-process.md |
| A.6.5 | Responsibilities After Termination or Change of Employment | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.5-responsibilities-after-termination-or-change-of-employment.md |
| A.6.6 | Confidentiality or Non-disclosure Agreements | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.6-confidentiality-or-non-disclosure-agreements.md |
| A.6.7 | Remote Working | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.7-remote-working.md |
| A.6.8 | Information Security Event Reporting | Y | | Planned | | | | ISO 27001:2022/A.6-people-controls/A.6.8-information-security-event-reporting.md |
| A.7.1 | Physical Security Perimeters | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.1-physical-security-perimeters.md |
| A.7.2 | Physical Entry | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.2-physical-entry.md |
| A.7.3 | Securing Offices, Rooms, and Facilities | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.3-securing-offices-rooms-and-facilities.md |
| A.7.4 | Physical Security Monitoring | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.4-physical-security-monitoring.md |
| A.7.5 | Protecting Against Physical and Environmental Threats | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.5-protecting-against-physical-and-environmental-threats.md |
| A.7.6 | Working in Secure Areas | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.6-working-in-secure-areas.md |
| A.7.7 | Clear Desk and Clear Screen | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.7-clear-desk-and-clear-screen.md |
| A.7.8 | Equipment Siting and Protection | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.8-equipment-siting-and-protection.md |
| A.7.9 | Security of Assets Off-premises | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.9-security-of-assets-off-premises.md |
| A.7.10 | Storage Media | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.10-storage-media.md |
| A.7.11 | Supporting Utilities | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.11-supporting-utilities.md |
| A.7.12 | Cabling Security | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.12-cabling-security.md |
| A.7.13 | Equipment Maintenance | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.13-equipment-maintenance.md |
| A.7.14 | Secure Disposal or Re-use of Equipment | Y | | Planned | | | | ISO 27001:2022/A.7-physical-controls/A.7.14-secure-disposal-or-re-use-of-equipment.md |
| A.8.1 | User End Point Devices | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.1-user-end-point-devices.md |
| A.8.2 | Privileged Access Rights | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.2-privileged-access-rights.md |
| A.8.3 | Information Access Restriction | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.3-information-access-restriction.md |
| A.8.4 | Access to Source Code | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.4-access-to-source-code.md |
| A.8.5 | Secure Authentication | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.5-secure-authentication.md |
| A.8.6 | Capacity Management | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.6-capacity-management.md |
| A.8.7 | Protection Against Malware | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.7-protection-against-malware.md |
| A.8.8 | Management of Technical Vulnerabilities | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.8-management-of-technical-vulnerabilities.md |
| A.8.9 | Configuration Management | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.9-configuration-management.md |
| A.8.10 | Information Deletion | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.10-information-deletion.md |
| A.8.11 | Data Masking | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.11-data-masking.md |
| A.8.12 | Data Leakage Prevention | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.12-data-leakage-prevention.md |
| A.8.13 | Information Backup | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.13-information-backup.md |
| A.8.14 | Redundancy of Information Processing Facilities | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.14-redundancy-of-information-processing-facilities.md |
| A.8.15 | Logging | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.15-logging.md |
| A.8.16 | Monitoring Activities | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.16-monitoring-activities.md |
| A.8.17 | Clock Synchronization | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.17-clock-synchronization.md |
| A.8.18 | Use of Privileged Utility Programs | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.18-use-of-privileged-utility-programs.md |
| A.8.19 | Installation of Software on Operational Systems | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.19-installation-of-software-on-operational-systems.md |
| A.8.20 | Network Security | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.20-network-security.md |
| A.8.21 | Security of Network Services | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.21-security-of-network-services.md |
| A.8.22 | Segregation of Networks | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.22-segregation-of-networks.md |
| A.8.23 | Web Filtering | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.23-web-filtering.md |
| A.8.24 | Use of Cryptography | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.24-use-of-cryptography.md |
| A.8.25 | Secure Development Life Cycle | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.25-secure-development-life-cycle.md |
| A.8.26 | Application Security Requirements | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.26-application-security-requirements.md |
| A.8.27 | Secure System Architecture and Engineering Principles | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.27-secure-system-architecture-and-engineering-principles.md |
| A.8.28 | Secure Coding | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.28-secure-coding.md |
| A.8.29 | Security Testing in Development and Acceptance | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.29-security-testing-in-development-and-acceptance.md |
| A.8.30 | Outsourced Development | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.30-outsourced-development.md |
| A.8.31 | Separation of Development, Test, and Production Environments | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.31-separation-of-development-test-and-production-environments.md |
| A.8.32 | Change Management | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.32-change-management.md |
| A.8.33 | Test Information | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.33-test-information.md |
| A.8.34 | Protection of Information Systems During Audit Testing | Y | | Planned | | | | ISO 27001:2022/A.8-technological-controls/A.8.34-protection-of-information-systems-during-audit-testing.md |