ISO 27001 Domains, Control Objectives, and Controls

ISO 27001 has for the second 11 Domains, 39 Control Objectives, and 130+ Controls. Following is a list of the Domains and Control Objectives.

1. Security strategy

Information security strategy

Objective: To give the executives direction and backing to Information security as per business prerequisites and applicable regulations and guidelines.

2. Organization of information security

Internal organization

Objective: To oversee Information security inside the association.

Outside parties

Objective: To keep up with the security of the organization’s Information and Information handling facilities that are accessed to, handled, conveyed to, or managed by an external party.

3. Resource the executives

Obligation regarding resources

Objective: To accomplish and keep up with the proper assurance of hierarchical resources.

Information classification

Objective: To guarantee that Information gets a proper degree of assurance.

4. HR security

Preceding to employment

Objective: To guarantee that representatives, workers for hire, and outsider clients figure out their obligations, and are appropriate for the jobs they are considered for, and to lessen the gamble of burglary, misrepresentation, or abuse of offices.

During work

Objective: To guarantee that all representatives, project workers, and third party clients know about Information security risks and concerns, their obligations and liabilities, and are prepared to help authoritative security strategy throughout their ordinary work, and to lessen the risk of human blunder.

End or change of employment

Objective: To guarantee that representatives, project workers, and third-party clients leave an organization or changes work in an efficient orderly way.

Also, Check –>>ISO 27001 Standard- Here is how to stay with Certification   

5. Physical and ecological security

Secure regions

Objective: To forestall unapproved actual access, harm, and obstruction to the organization’s premises and data.

Equipment security

Objective: To forestall misfortune, harm, robbery, or split the difference of resources and interference with the organization’s exercises.

6. Communication and operation management

Functional methods and obligations

Objective: To guarantee the right and secure activity of Information handling facilities.

Third-party assistance conveyance 

Objective: To execute and keep up with the suitable degree of Information security and administration conveyance following third-party assistance conveyance arrangements.

7. Access control

Business prerequisite for access control

Objective: To control admittance to data.

Client access to the executives

Objective: To guarantee approved client access and forestall unapproved admittance to Information frameworks.

Client obligations

Objective: To forestall unapproved client access, and split the difference or burglary of Information and Information handling facilities.

Network access control

Objective: To forestall unapproved admittance to arranged administrations.

Working framework access control

Objective: To forestall unapproved admittance to working frameworks.

8. Information frameworks acquisition, advancement, and support

Security necessities of Information frameworks

Objective: To guarantee that security is an essential piece of the Information system.

Right handling in applications

Objective: To forestall blunders, misfortune, unapproved adjustments, or abuse of Information in applications.

Cryptographic controls

Objective: To safeguard the secrecy, credibility, or respectability of Information by cryptographic means.

9. Information security incident management

Announcing Information security events and shortcomings

Objective: To guarantee Information security events and shortcomings related to Information frameworks are imparted in a way permitting convenient remedial moves to be made.

The management of Information security incidents and enhancements

Objective: To guarantee a predictable and powerful methodology is applied to the administration of Information security occurrences.

Also, Check –>> ISO 27001 Certification steps

10. Business continuity management 

Information security parts of business congruity management

Objective: To neutralize interferences to business exercises and safeguard basic business processes from the impacts of significant disappointments of Information frameworks or disasters and guarantee their convenient resumption.

11. Compliance

Consistency with lawful necessities

Objective: To keep away from breaks of any regulation, legal, administrative or authoritative commitments, and of any security necessities.

Consistency with security approaches and principles, and specialized consistence

Objective: To guarantee the consistency of frameworks with hierarchical security approaches and guidelines.

Information frameworks audit contemplations

Objective: To amplify the adequacy of and limit obstruction to/from the Information frameworks review process.

These are 11 domains of ISO 27001 Certification.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s