ISO 27001: 14 Domains and 114 Controls

14 Domains of ISO 27001


ISO/IEC 27001 requires an organisation to implement the applicable controls from Annex A, which in the 2013 edition of the standard are grouped into 14 domains (A.5 to A.18). "Applicable" is decided by the organisation's own risk assessment and risk treatment (clause 6.1.3): every Annex A control has to appear in the Statement of Applicability with a justification for including or excluding it, so a control cannot simply be skipped because it looks inconvenient.

There are 114 controls under the 14 domains of the 2013 edition. Note that the 2022 revision of the standard restructured Annex A into 4 themes (organisational, people, physical and technological) with 93 controls, so the 14-domain list below applies to ISO/IEC 27001:2013.

  • A.5 Information security policies (2 controls) – how the information security policies are written, approved, communicated and reviewed
  • A.6 Organization of information security (7 controls) – how responsibilities are assigned, including segregation of duties and contact with authorities; also covers mobile devices and teleworking
  • A.7 Human resources security (6 controls) – controls prior to employment (screening, terms and conditions), during employment (awareness training, disciplinary process) and on termination or change of employment
  • A.8 Asset management (10 controls) – inventory and ownership of assets, acceptable use and return of assets, information classification and labelling, and media handling and disposal
  • A.9 Access control (14 controls) – the Access Control Policy, user access management (registration, provisioning, privileged access, review and removal of access rights), user responsibilities, and system and application access control such as secure log-on and password management
  • A.10 Cryptography (2 controls) – a policy on the use of cryptographic controls, and key management
  • A.11 Physical and environmental security (15 controls) – secure areas and entry controls, protection against external and environmental threats, equipment siting and maintenance, secure disposal or re-use of equipment, and the Clear Desk and Clear Screen Policy
  • A.12 Operations security (14 controls) – the day-to-day management of IT production: documented operating procedures, change management, capacity management, separation of development, test and production environments, malware protection, backup, event logging and monitoring, clock synchronisation, control of software installation, and technical vulnerability management
  • A.13 Communications security (7 controls) – network controls and segregation, security of network services, information transfer policies and agreements, electronic messaging, and confidentiality or non-disclosure agreements
  • A.14 System acquisition, development and maintenance (13 controls) – security requirements for information systems, security in development and support processes (secure development policy, change control, secure engineering principles, security and acceptance testing), and protection of test data
  • A.15 Supplier relationships (5 controls) – what to include in supplier agreements, ICT supply chain security, and how to monitor, review and manage changes to supplier services
  • A.16 Information security incident management (7 controls) – reporting of security events and weaknesses, responsibilities and procedures, assessment and response, learning from incidents, and collection of evidence
  • A.17 Information security aspects of business continuity management (4 controls) – planning, implementing and verifying information security continuity, and redundancy of information processing facilities
  • A.18 Compliance (8 controls) – identification of applicable legislation and contractual requirements, intellectual property rights, protection of records, privacy and protection of personally identifiable information, regulation of cryptographic controls, and independent and technical reviews of information security


About Gabriel Consultant

Over 20 years in the ISO certification consulting industry. Many stories I have heard from clients, auditors and friends.
