// Level 2 · Themes

ISO/IEC 27001:2022

International standard for information security management systems — 93 Annex A controls in 4 themes.

Annex A.5 — 37 organisational controls covering policies, roles, supplier relationships, and incident management.

Annex A.6 — 8 controls covering screening, employment terms, awareness, and disciplinary processes.

Annex A.7 — 14 controls covering secure areas, equipment, clear desk, and secure disposal.

Annex A.8 — 34 controls covering access, cryptography, secure development, and monitoring.