ISO 27001 (the 2005 edition, Annex A) has 11 domains, 39 control objectives and 133 controls. The following is a list of the domains and their control objectives.
1. Security policy
Information security policy
Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
2. Organization of information security
Internal organization
Objective: To manage information security within the organization.
External parties
Objective: To maintain the security of the organization's information and information processing facilities that are accessed, processed, communicated to, or managed by external parties.
3. Asset management
Responsibility for assets
Objective: To achieve and maintain appropriate protection of organizational assets.
Information classification
Objective: To ensure that information receives an appropriate level of protection.
4. Human resources security
Prior to employment
Objective: To ensure that employees, contractors and third party users understand their responsibilities, are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.
During employment
Objective: To ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organizational security policy in the course of their normal work, and to reduce the risk of human error.
Termination or change of employment
Objective: To ensure that employees, contractors and third party users exit an organization or change employment in an orderly manner.
5. Physical and environmental security
Secure areas
Objective: To prevent unauthorized physical access, damage and interference to the organization's premises and information.
Equipment security
Objective: To prevent loss, damage, theft or compromise of assets and interruption to the organization's activities.
6. Communications and operations management
Operational procedures and responsibilities
Objective: To ensure the correct and secure operation of information processing facilities.
Third party service delivery management
Objective: To implement and maintain the appropriate level of information security and service delivery in line with third party service delivery agreements.
7. Access control
Business requirement for access control
Objective: To control access to information.
User access management
Objective: To ensure authorized user access and to prevent unauthorized access to information systems.
User responsibilities
Objective: To prevent unauthorized user access, and compromise or theft of information and information processing facilities.
Network access control
Objective: To prevent unauthorized access to networked services.
Operating system access control
Objective: To prevent unauthorized access to operating systems.
8. Information systems acquisition, development and maintenance
Security requirements of information systems
Objective: To ensure that security is an integral part of information systems.
Correct processing in applications
Objective: To prevent errors, loss, unauthorized modification or misuse of information in applications.
Cryptographic controls
Objective: To protect the confidentiality, authenticity or integrity of information by cryptographic means.
9. Information security incident management
Reporting information security events and weaknesses
Objective: To ensure that information security events and weaknesses associated with information systems are communicated in a manner that allows timely corrective action to be taken.
Management of information security incidents and improvements
Objective: To ensure a consistent and effective approach is applied to the management of information security incidents.
10. Business continuity management
Information security aspects of business continuity management
Objective: To counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters, and to ensure their timely resumption.
11. Compliance
Compliance with legal requirements
Objective: To avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.
Compliance with security policies and standards, and technical compliance
Objective: To ensure compliance of systems with organizational security policies and standards.
Information systems audit considerations
Objective: To maximize the effectiveness of, and to minimize interference to and from, the information systems audit process.
These are the 11 domains of ISO 27001:2005 Annex A. Note that later revisions changed this structure: ISO 27001:2013 regrouped Annex A into 14 domains with 114 controls, and ISO 27001:2022 into 4 themes with 93 controls, so confirm which edition your certification scope and Statement of Applicability reference before mapping controls against this list.