AuditFront
ISO 27001

Organizational Controls

37 controls in this category, each listed below with its control number, rating and title.

Control   Rating     Title
A.5.1     critical   Policies for information security
A.5.10    medium     Acceptable use of information and other associated assets
A.5.12    high       Classification of information
A.5.11    medium     Return of assets
A.5.13    medium     Labelling of information
A.5.14    high       Information transfer
A.5.15    critical   Access control
A.5.16    critical   Identity management
A.5.17    critical   Authentication information
A.5.18    critical   Access rights
A.5.19    high       Information security in supplier relationships
A.5.2     high       Information security roles and responsibilities
A.5.20    high       Addressing information security within supplier agreements
A.5.21    high       Managing information security in the ICT supply chain
A.5.22    high       Monitoring, review and change management of supplier services
A.5.24    critical   Information security incident management planning and preparation
A.5.23    high       Information security for use of cloud services
A.5.25    high       Assessment and decision on information security events
A.5.27    high       Learning from information security incidents
A.5.26    critical   Response to information security incidents
A.5.28    medium     Collection of evidence
A.5.29    high       Information security during disruption
A.5.3     high       Segregation of duties
A.5.30    critical   ICT readiness for business continuity
A.5.31    critical   Legal, statutory, regulatory and contractual requirements
A.5.32    medium     Intellectual property rights
A.5.33    medium     Protection of records
A.5.34    critical   Privacy and protection of personal identifiable information (PII)
A.5.35    high       Independent review of information security
A.5.36    high       Compliance with policies, rules and standards for information security
A.5.37    medium     Documented operating procedures
A.5.5     medium     Contact with authorities
A.5.6     low        Contact with special interest groups
A.5.8     high       Information security in project management
A.5.7     high       Threat intelligence
A.5.9     high       Inventory of information and other associated assets
A.5.4     high       Management responsibilities
