Scott Naisbett

How does ISO 27001 help to protect your organisation?

Data and information protection is now a hot topic for the government, businesses and the public, particularly after significant cyber-attacks have drawn attention to the security weaknesses of large businesses and organisations such as NHS hospitals and local councils.

To help all organisations, large and small, keep their information safe and their reputations intact, the ISO (International Organisation for Standardisation) developed ISO 27001, the Standard for information security management.

This Standard helps organisations to create a framework for an information security management system (ISMS), which protects your information from cyber-attacks, hacks, theft and data leaks by establishing best practice.

But ISO 27001 goes beyond IT. To give organisations the security they need, this comprehensive Standard encompasses all aspects of a business, embedding risk management throughout to build a robust culture of security.

This means that you will develop processes that cover the legal, physical, human and technical aspects of your organisation, protecting both digital and physical assets.

To do this, the Standard includes a diverse set of controls.

What controls does ISO 27001 include?

The wide and in-depth scope of this Standard contains 114 separate controls. Each control has been developed to help businesses cover a particular aspect of information protection. Each control is implemented unless it is not relevant to your organisation’s particular activities.

These controls are grouped in a section known as Annex A, which is split into 14 categories. These categories cover everything from developing an information security policy to creating access control processes.

You can see the full list of categories below:

Annex A.5: Information security policies

Annex A.6: Organisation of information security

Annex A.7: Human resource security

Annex A.8: Asset management

Annex A.9: Access control

Annex A.10: Cryptography

Annex A.11: Physical and environmental security

Annex A.12: Operations security

Annex A.13: Communications security

Annex A.14: System acquisition, development and maintenance

Annex A.15: Supplier relationships

Annex A.16: Information security incident management

Annex A.17: Information security aspects of business continuity management

Annex A.18: Compliance

By applying these controls, you can ensure that your organisation remains compliant with the latest regulations and legislation, stays up to date through continual improvement and boasts robust risk management.

To find out more about the controls of ISO 27001 and what they involve, head over to our dedicated web page.

If you wish to discuss your information security requirements, you can contact our ISMS Lead Implementer Scott Naisbett -