ISO/IEC 27001

Information technology — Security techniques

(Information security management systems — Requirements)

ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system in an organization. The requirements are grouped into a total of 10 clauses. Clauses 4 through 10 are mandatory for claiming conformity to ISO/IEC 27001. Clauses 4 through 10 cover the following:

  • Context of the Organization

  • Leadership

  • Planning

  • Support

  • Operation

  • Performance Evaluation

  • Improvement

ISO/IEC 27002:2013 is the Annex A to ISO/IEC27001. It contains comprehensive list of control objectives and controls for information security risk treatments. The control objectives and controls are grouped into 14 domains with a total of 114 controls. The domains are as listed below:

ISO/IEC 27002:2022
The structure of the 2022 version of ISO/IEC27002 is significantly different. The 14 domains in the old version of the standard have been transformed into four themes, and the 114 controls reduced to a total of 93 controls (some controls were merged and 11 new controls were introduced), as shown in the tables below.


The 11 new controls included in the 93 controls:


Our Related Services
Our team of experienced consultants can assist in the following areas:

  • Establishing a compliance management solution for ongoing monitoring, maintenance, and maturation of your cybersecurity management/governance efforts

  • Performing risk analysis for resources and business processes in the target environment

  • Performing gaps analysis of your current cybersecurity management practice against the requirements of ISO/IEC 27001, and providing recommendations for closing identified gaps

  • ISO/IEC 27001 Mandatory Internal Audit function - Our team will perform internal audit of your ISMS to fulfill the mandatory requirement of Clause 9.2 of ISO/IEC 27001

  • Improving related business processes and developing or enhancing necessary security policies and procedures

Give us a call at 954-362-7113 or schedule an appointment for a free consultation to get started.

More about other frameworks and standards
NIST SP800-53
NIST Cybersecurity Framework (CSF)
CSA Cloud Controls Matrix (CCM)
Payment Cards Industry Data Security Standard (PCI DSS)
Cybersecurity Maturity Model Certification (CMMC) 2.0 Framework
SWIFT Customer Security Controls Framework
General Data Protection Regulation (GDPR)