ISO 27001 14 domains 114 controls

February 13, 2022

14 Domains of ISO 27001


ISO 27001 requires a company to implement the applicable controls within 14 domains.

There are 114 controls under 14 domains.

  • Information security policies – controls on how the policies are written and reviewed
  • Organization of information security – controls on how the responsibilities are assigned; also includes the controls for mobile devices and teleworking
  • Human resources security – controls prior to, during, and after employment

  • Asset management – controls related to inventory of assets and acceptable use, also for information classification and media handling
  • Access control – controls for the Access Control Policy, user access management, system and application access control, and user responsibilities
  • Cryptography – controls related to encryption and key management
  • Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, secure disposal, Clear Desk and Clear Screen Policy, etc.

  • Operational security – lots of controls related to management of IT production: change management, capacity management, malware, backup, logging, monitoring, installation, vulnerabilities, etc.
  • Communications security – controls related to network security, segregation, network services, transfer of information, messaging, etc.
  • System acquisition, development and maintenance – controls defining security requirements and security in development and support processes
  • Supplier relationships – controls on what to include in agreements, and how to monitor the suppliers

  • Information security incident management – controls for reporting events and weaknesses, defining responsibilities, response procedures, and collection of evidence
  • Information security aspects of business continuity management – controls requiring the planning of business continuity, procedures, verification and reviewing, and IT redundancy
  • Compliance – controls requiring the identification of applicable laws and regulations, intellectual property protection, personal data protection, and reviews of information security

Gabriel Consultant in ISO Consulting Service with 20 years of experience.
© 2024 Gabriel Consultant. All rights reserved