ISO 27001 Reference
A technical repository of the ISO/IEC 27001:2022 Annex A controls and implementation requirements
ISO/IEC 27001:2022 Annex A defines 93 information security controls across four categories. This site provides structured implementation guidance for each control, oriented toward Microsoft 365 environments.
Organizational controls
37 controls
Security policies, risk management, asset classification, supplier relations, and governance.
People controls
8 controls
Pre-employment screening, security awareness, disciplinary processes, and remote work.
Physical controls
14 controls
Physical perimeters, equipment protection, clear desk, and secure media disposal.
Technological controls
34 controls
Access control, cryptography, network security, logging, and secure development.