ISO 27001-2022 Mind Map

The document outlines the requirements for establishing, implementing, maintaining, and improving an information security management system (ISMS) in accordance with ISO 27001:2022. It specifies the need for organizational, people, physical, and technological controls, as well as the assessment and treatment of information security risks. The requirements are designed to be applicable to all organizations, regardless of their type, size, or nature.

Uploaded by

d.baudone
ISO 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
Mind map by Andrey Prozorov, 13.03.2023, www.patreon.com/AndreyProzorov

Intro
    This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
    This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
    The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
    Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.

Annex A. Information Security Control Reference
    A.5. Organizational controls (37)
    A.6. People controls (8)
    A.7. Physical controls (14)
    A.8. Technological controls (34)

4. Context of the organization
    4.1 Understanding the organization and its context
    4.2 Understanding the needs and expectations of interested parties
    4.3 Determining the scope of the information security management system
        Required document: Scope of the ISMS
    4.4 Information security management system

5. Leadership
    5.1 Leadership and commitment
    5.2 Policy
        Required document: Information Security Policy
    5.3 Organizational roles, responsibilities and authorities

6. Planning
    6.1 Actions to address risks and opportunities
        6.1.1 General
        6.1.2 Information security risk assessment
            Required document: Information security risk assessment process
        6.1.3 Information security risk treatment
            Required documents: Information security risk treatment process; Statement of Applicability (SoA)
    6.2 Information security objectives and planning to achieve them
        Required document: Information security objectives
    6.3 Planning of changes

7. Support
    7.1 Resources
    7.2 Competence
        Required document: Evidence of competence
    7.3 Awareness
    7.4 Communication
    7.5 Documented information
        7.5.1 General
            Required document: Documented information determined by the organization as being necessary for the effectiveness of the ISMS
        7.5.2 Creating and updating
        7.5.3 Control of documented information

8. Operation
    8.1 Operational planning and control
        Required document: Operational planning and control (Plans and Reports)
    8.2 Information security risk assessment
        Required document: Results of the information security risk assessments
    8.3 Information security risk treatment
        Required document: Results of the information security risk treatment

9. Performance evaluation
    9.1 Monitoring, measurement, analysis and evaluation
        Required document: Evidence of the monitoring and measurement results
    9.2 Internal audit
        9.2.1 General
        9.2.2 Internal audit programme
            Required document: Evidence of the audit programme(s) and the audit results
    9.3 Management review
        9.3.1 General
        9.3.2 Management review inputs
        9.3.3 Management review results
            Required document: Evidence of the results of management reviews

10. Improvement
    10.1 Continual improvement
    10.2 Nonconformity and corrective action
        Required documents: Evidence of the nature of the nonconformities and any subsequent actions taken; Evidence of the results of any corrective action

Legend
    New 2022 (items marked in the original map as new in the 2022 revision)
    Required Documents (items the standard requires as documented information)
