ISO IEC 27001 2013 Annex A Plain English Introduction

ISO IEC 27001 2013 is a generic information security management standard.


ISO IEC 27001 2013 includes a section called Annex A. This Annex lists
information security control objectives and information security controls
and is taken directly from ISO IEC 27002 2013 sections 5 to 18.

Below, you will find a brief overview of ISO IEC 27001 2013 Annex A
and therefore ISO IEC 27002 2013 (since Annex A is essentially an
outline of this standard):

  5. Security Policy Management
  6. Corporate Security Management
  7. Personnel Security Management
  8. Organizational Asset Management
  9. Information Access Management
  10. Cryptography Policy Management
  11. Physical Security Management
  12. Operational Security Management
  13. Network Security Management
  14. System Security Management
  15. Supplier Relationship Management
  16. Security Incident Management
  17. Security Continuity Management
  18. Security Compliance Management

The list above starts with the number 5 because both Annex A and
the ISO IEC 27002 2013 information security standard start there.


ISO IEC 27001 2013 section 6.1.3 expects you to use Annex A, and
any other suitable resources, to "produce a Statement of Applicability
that contains the necessary controls". Your task is to select all of the
information security controls that you need in order to implement
the risk treatment options that you're expected to choose and the
risk treatment plan that you're expected to develop according to
section 6.1.3 of ISO IEC 27001 2013.


Updated on September 24, 2014. First published on November 12, 2013.

Praxiom Research Group Limited        780-461-4514

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright 2013 - 2014 by Praxiom Research Group Limited. All Rights Reserved.