{"id":10058,"date":"2026-04-24T18:20:12","date_gmt":"2026-04-24T12:50:12","guid":{"rendered":"https:\/\/mitigata.com\/blog\/?p=10058"},"modified":"2026-04-24T18:25:02","modified_gmt":"2026-04-24T12:55:02","slug":"iso-27001-controls-checklist","status":"publish","type":"post","link":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/","title":{"rendered":"ISO 27001 Controls Checklist &#038; 2022 New Controls (Annex A Guide)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"10058\" class=\"elementor elementor-10058\">\n\t\t\t\t<div class=\"elementor-element elementor-element-456e1e3 e-flex e-con-boxed e-con e-parent\" data-id=\"456e1e3\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1c9c566 elementor-widget elementor-widget-text-editor\" data-id=\"1c9c566\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>What if your organisation already has security controls in place\u2026 but the ones attackers actually exploit aren\u2019t even on your checklist?<\/p><p>According to IBM\u2019s Cost of a Data Breach Report 2025, the global average cost of a breach has climbed to $4.44 million. Even more telling, organisations that lack structured security frameworks tend to face higher costs and longer recovery times. For organisations holding sensitive data, the question is no longer whether to implement structured security controls, but which framework to use.<\/p><p>ISO\/IEC 27001 is the answer for organisations worldwide. It is the only internationally recognised standard for an Information Security Management System (ISMS). At its core is Annex A: a structured control library of 93 security controls.<\/p><p>This guide walks you through the ISO 27001 controls checklist in a way that\u2019s clear and usable. 
You\u2019ll see how Annex A is structured, what changed in the 2022 update, and how to apply these controls without overcomplicating your compliance efforts.<\/p><h2><b>Mitigata \u2013 Your Complete ISO 27001 Compliance Partner<\/b><\/h2><p>Mitigata, India\u2019s top cyber resilience company with solutions across insurance, security and compliance, can be your best partner in the compliance journey. Our platform serves as a central hub, helping businesses to manage the entire ISO 27001 process with ease.<\/p><p>800+ businesses across <b>25+<\/b> industries trust us to simplify compliance, reduce risks, and prepare them for audits.<\/p><h3><b>Here\u2019s what our platform, Gordon, offers:<\/b><\/h3><ul><li><b>Automate Compliance<\/b> \u2013 It automates repetitive tasks such as evidence gathering, monitoring, and reminders for pending actions.<\/li><li><b>Risk Management<\/b> \u2013 It provides a real-time overview of organisational risks. It uses automated risk registers to track threats and maintain libraries of known vulnerabilities, enabling early identification of potential problems.<\/li><li><b>Documentation<\/b> \u2013 It helps organise all documentation, policies, and evidence in one place.<\/li><li><b>Expert Support<\/b> \u2013 It provides round-the-clock access to expert support, helping with gap assessments, ISMS setup, policy creation, and more.<\/li><li><b>Training<\/b> \u2013 Mitigata offers free training that educates employees about their role in maintaining information security.<\/li><li><b>VAPT Services<\/b> \u2013 Run vulnerability scans and penetration tests to detect and fix real security gaps fast.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a7719ce e-flex e-con-boxed e-con e-parent\" data-id=\"a7719ce\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5eb66e1 elementor-widget elementor-widget-text-editor\" data-id=\"5eb66e1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>What Are ISO 27001 Annex A Controls?<\/b><\/h2><p>ISO 27001 Annex A controls are designed to ensure that an organisation&#8217;s information assets maintain the confidentiality, integrity, and availability (CIA) needed to protect sensitive information and privacy.<\/p><p>Annex A is a menu of controls rather than a set of prescriptive requirements: organisations choose the controls that apply to them.<\/p><p>The 
risk-based methodology of ISO 27001 enables organisations of all sizes and industry sectors to use the standard. The organisation must determine which controls to use based on its existing threat model, rather than necessarily implementing all 93 standard controls.<\/p><h2><b>From 14 Domains to 4 Categories: What Changed in ISO 27001:2022?<\/b><\/h2><p>The previous version, ISO 27001:2013, contained 114 controls distributed across 14 domains, including Asset Management and Cryptography. The 2022 revision replaced these with four streamlined categories, improving the framework&#8217;s usability by aligning it with current business operations.<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">ISO 27001:2013 (14 Domains)<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">ISO 27001:2022 (4 Categories)<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5 \u2013 A.18 (14 clause domains)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Organisational Controls (37)<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">114 total controls<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">People Controls (8)<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Redundant overlaps across domains<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical Controls (14)<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Less aligned with cloud\/remote work<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Technological Controls (34)<\/td><\/tr><\/tbody><\/table><blockquote><p>Think your systems are secure? 
A proper <a href=\"https:\/\/mitigata.com\/blog\/what-is-vapt-explained\/\"><b><i>VAPT assessment<\/i><\/b><\/a> reveals hidden vulnerabilities most teams completely overlook.<\/p><\/blockquote><h2><b>ISO 27001 Controls Checklist: The 4-Category Breakdown<\/b><\/h2><p>Use this high-level ISO 27001 controls checklist to understand what each category covers and how many controls fall under each:<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">Category<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\"># of Controls<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Primary Focus<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Organisational Controls (A.5)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">37<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Governance, policies, risk management, supplier security<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">People Controls (A.6)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">8<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Employee screening, training, HR security, and remote work<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical Controls (A.7)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">14<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Facility security, equipment protection, and secure disposal<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Technological Controls (A.8)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">34<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">IAM, encryption, monitoring, secure development, logging<\/td><\/tr><\/tbody><\/table><h2><b>Deep Dive: ISO 27001 Annex A Control Categories Explained<\/b><\/h2><h3><b>(A.5) 
Organisational Controls &#8211; Governance &amp; Risk Management<\/b><\/h3><p>With 37 controls, this is the largest category and serves as the governance backbone of your ISMS. It covers information security policies, access control frameworks, supplier security management, legal and regulatory compliance, and incident management procedures.<\/p><p>Key controls include:<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">Control<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Title<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">What It Requires<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.1<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Policies for information security<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Documented, approved, and communicated security policies<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.2<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security roles and responsibilities<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Named ownership for security functions<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.5<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Contact with authorities<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Defined contacts with law enforcement and regulators<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.7<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Threat intelligence<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; proactive collection and analysis of threat data<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.15<\/td><td style=\"padding: 10px; border: 1px solid 
#ddd;\">Access control<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Policy governing access to information and systems<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.19<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security in supplier relationships<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Security requirements built into vendor contracts<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.23<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security for use of cloud services<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; security requirements specific to cloud providers<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.24<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security incident management planning<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Documented incident response procedures<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.5.30<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">ICT readiness for business continuity<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; IT systems designed to support recovery<\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6edae32 e-flex e-con-boxed e-con e-parent\" data-id=\"6edae32\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a2ee425 elementor-widget elementor-widget-text-editor\" data-id=\"a2ee425\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>(A.6) People Controls &#8211; The Human Firewall<\/b><\/h3><p>Verizon&#8217;s 2023 DBIR report states that human error causes approximately <b>74%<\/b> of all data breaches. 
People Controls address this risk through employee screening, security training programs, disciplinary action for policy breaches, and remote work security protocols.<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">Control<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Title<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">What It Requires<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.1<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Screening<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Pre-employment background verification<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.2<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Terms and conditions of employment<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Security responsibilities documented in contracts<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.3<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security awareness, education and training<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Ongoing security training for all staff<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.4<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Disciplinary process<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Defined consequences for security policy violations<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.5<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Responsibilities after termination or change of employment<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Access revocation and data return on departure<\/td><\/tr><tr><td 
style=\"padding: 10px; border: 1px solid #ddd;\">A.6.6<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Confidentiality or non-disclosure agreements<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">NDAs covering information security obligations<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.7<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Remote working<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; controls for distributed and hybrid work<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.6.8<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information security event reporting<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Mechanism for staff to report security incidents<\/td><\/tr><\/tbody><\/table><h3><b>(A.7) Physical Controls &#8211; Securing the Physical Layer<\/b><\/h3><p>Physical security requirements remain mandatory compliance obligations, even for organisations running cloud-first operations.<\/p><p>The 14 controls establish requirements for securing office spaces and building perimeters, protecting equipment from theft or damage, ensuring secure disposal of media and devices, and protecting against environmental and natural-disaster threats.<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">Control<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Title<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">What It Requires<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.1<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical security perimeters<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Defined and secured boundaries for sensitive areas<\/td><\/tr><tr><td 
style=\"padding: 10px; border: 1px solid #ddd;\">A.7.2<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical entry<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Controlled access to secure zones<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.4<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical security monitoring<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; surveillance of sensitive areas<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.6<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Working in secure areas<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Procedures for operating within sensitive spaces<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.8<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Equipment siting and protection<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Protection from environmental and physical threats<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.10<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Storage media<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure management of portable storage devices<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.7.14<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure disposal or re-use of equipment<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Verified data destruction before disposal or reuse<\/td><\/tr><\/tbody><\/table><blockquote><p>VPNs aren\u2019t as secure as you think. 
Here\u2019s a <a href=\"https:\/\/mitigata.com\/blog\/smarter-alternative-to-vpns\/\"><b><i>VPN alternative<\/i><\/b><\/a> modern teams are quietly switching to.<\/p><\/blockquote><h3><b>(A.8) Technological Controls &#8211; Your Digital Defence Layer<\/b><\/h3><p>This is the most expansive technical category, with 34 controls, and it aligns directly with modern security frameworks such as Zero Trust.<\/p><p>Key controls include:<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">Control<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Title<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">What It Requires<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.2<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Privileged access rights<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Controlled allocation and use of admin privileges<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.5<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure authentication<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">MFA and strong authentication for all systems<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.8<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Management of technical vulnerabilities<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Vulnerability scanning and patch management<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.10<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Information deletion<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; secure and compliant data disposal<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.11<\/td><td style=\"padding: 10px; border: 1px solid 
#ddd;\">Data masking<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; protection of sensitive data in non-production environments<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.12<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Data leakage prevention<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; controls preventing unauthorised data exfiltration<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.16<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Monitoring activities<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; ongoing oversight of systems and user behaviour<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.23<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Web filtering<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; controls on access to malicious web content<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.25<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure development life cycle<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Security requirements across the full SDLC<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.28<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure coding<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">New in 2022 &#8211; embedding security into software development<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">A.8.34<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Protection of information systems during audit testing<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Safeguards during audit activities<\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e0fd594 e-flex e-con-boxed e-con e-parent\" data-id=\"e0fd594\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-24566f4 elementor-widget elementor-widget-text-editor\" data-id=\"24566f4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>ISO 27001 2022 New Controls: 11 Additions You Need to Know<\/b><\/h2><p>The ISO 27001:2022 update streamlined Annex A from 114 controls (in the 2013 version) to 93 controls, which were divided into four intuitive categories. 
The following are the new controls:<\/p><table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif;\"><thead><tr style=\"background-color: #04db7f; color: #000; text-align: center;\"><th style=\"padding: 10px; border: 1px solid #ddd;\">New ISO 27001 Control<\/th><th style=\"padding: 10px; border: 1px solid #ddd;\">Why It Matters<\/th><\/tr><\/thead><tbody><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Threat Intelligence<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Proactive identification of emerging threat actors and TTPs<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Data Masking<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Protects sensitive data in non-production environments<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Data Leakage Prevention (DLP)<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Stops unauthorised exfiltration of sensitive information<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Web Filtering<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Controls access to malicious or non-compliant web content<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure Coding<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Embeds security into the software development process<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">ICT Readiness for Business Continuity<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Ensures IT systems support recovery and resilience plans<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Remote Working Security<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Addresses risks of distributed and hybrid work models<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Physical Security Monitoring<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Surveillance of sensitive areas for 
unauthorised access<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Configuration Management<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Secure baseline configurations for hardware and software<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Information Deletion<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Ensures secure and compliant data disposal<\/td><\/tr><tr><td style=\"padding: 10px; border: 1px solid #ddd;\">Monitoring Activities<\/td><td style=\"padding: 10px; border: 1px solid #ddd;\">Ongoing oversight of systems and user behaviour<\/td><\/tr><\/tbody><\/table><p><b>The Statement of Applicability: The Most Critical Document in ISO 27001<\/b><\/p><p>During your information security risk treatment process, work through Annex A to determine which controls your organisation needs and to verify that no necessary controls have been omitted.<\/p><p>The output of that process is the Statement of Applicability (SoA), the single most important document in your ISO 27001 certification.<\/p><p>Your SoA must document every one of the 93 Annex A controls with:<\/p><ul><li>Applicability decision \u2014 included or excluded from your ISMS<\/li><li>Justification \u2014 why each decision was made, tied to your risk assessment<\/li><li>Implementation status \u2014 planned, in progress, or operational<\/li><li>Control owner \u2014 the named individual responsible<\/li><\/ul><blockquote><p>Struggling with compliance delays? 
The right <a href=\"https:\/\/mitigata.com\/blog\/best-iso-27001-compliance-tools\/\"><b><i>ISO 27001 tools<\/i><\/b><\/a> can simplify and speed up everything.<\/p><\/blockquote><h2><b>How to Build an Effective ISO 27001 Controls Checklist<\/b><\/h2><p>Building an ISO 27001 controls checklist involves five steps: conducting a formal risk assessment, mapping identified risks to Annex A controls, documenting applicability decisions in your Statement of Applicability, implementing selected controls with measurable KPIs and named ownership, and establishing continuous monitoring and internal audit cycles.<\/p><p>Follow these five steps:<\/p><ol><li>Conduct a formal risk assessment to identify threats and vulnerabilities<\/li><li>Map identified risks to relevant Annex A controls<\/li><li>Document applicability decisions in the Statement of Applicability (SoA)<\/li><li>Implement selected controls with measurable KPIs and ownership<\/li><li>Establish continuous monitoring, internal audit, and management review cycles<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2c7eae7 e-flex e-con-boxed e-con e-parent\" data-id=\"2c7eae7\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-aa23e63 elementor-widget elementor-widget-text-editor\" data-id=\"aa23e63\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>Common ISO 27001 Implementation Mistakes to Avoid<\/b><\/h2><p>The following are the common ISO 27001 implementation mistakes to avoid:<\/p><ul><li>Treating Annex A as a checkbox exercise rather than a risk-driven process<\/li><li>Implementing all 93 controls without a risk assessment to justify inclusion<\/li><li>Ignoring documentation requirements; an incomplete SoA is a top reason for audit failure<\/li><li>Neglecting continuous monitoring and assuming a one-time implementation is sufficient<\/li><li>Overlooking the 11 new ISO 27001 2022 controls when migrating from the 2013 standard<\/li><\/ul><h2><b>Conclusion<\/b><\/h2><p>The 2022 update modernised the standard for today&#8217;s threat environment: cloud security, remote work, AI-driven threats, and data leakage are now explicitly addressed. The 11 new controls reflect gaps in the 2013 standard that real-world attacks have exploited.<\/p><p>If your organisation is still operating under a 2013 certification, the transition deadline has passed. 
Act now.<\/p><p><a href=\"https:\/\/mitigata.com\/bookDemo\">Talk with our experts<\/a> today and accelerate your ISO 27001 compliance.<\/p><h2><b>Frequently Asked Questions (FAQs)<\/b><\/h2><h3><b>1. How many controls are in ISO 27001:2022?<\/b><\/h3><p>ISO 27001:2022 Annex A contains 93 controls organised into 4 categories: Organisational (37), People (8), Physical (14), and Technological (34). This is a reduction from 114 controls in the 2013 version.<\/p><h3><b>2. What were the 14 controls of ISO 27001?<\/b><\/h3><p>The &#8217;14 controls&#8217; reference the 14 domain-based clauses in ISO 27001:2013, ranging from Information Security Policies (A.5) to Compliance (A.18). These have been consolidated into 4 streamlined categories in the 2022 update.<\/p><h3><b>3. What are the new ISO 27001 controls in 2022?<\/b><\/h3><p>ISO 27001:2022 introduced 11 new controls, including Threat Intelligence, Data Masking, Data Leakage Prevention, Web Filtering, Secure Coding, ICT Readiness for Business Continuity, Remote Working, and Physical Security Monitoring.<\/p><h3><b>4. Is it mandatory to implement all 93 Annex A controls?<\/b><\/h3><p>No. ISO 27001 is a risk-based framework. Organisations must select applicable controls based on their risk assessment and justify the inclusion or exclusion of each control in their Statement of Applicability (SoA).<\/p><h3><b>5. What is an ISO 27001 controls checklist?<\/b><\/h3><p>An ISO 27001 controls checklist is a structured document mapping all Annex A controls to your organisation&#8217;s risk profile, implementation status, responsible owner, and audit evidence. It is a core component of certification readiness.<\/p><h3><b>6. When must organisations transition to ISO 27001:2022?<\/b><\/h3><p>Organisations certified under ISO 27001:2013 had until October 31, 2025, to transition to the 2022 version. 
New certifications are issued only under the 2022 standard.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>What if your organisation already has security controls in place\u2026 but the ones attackers actually exploit aren\u2019t even on your&hellip;<\/p>\n","protected":false},"author":20,"featured_media":10059,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-10058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security"],"yoast_head_json":{"title":"ISO 27001 Controls Checklist: Complete Guide to Annex A","description":"Understand the ISO 27001 controls checklist with a complete breakdown of Annex A, including 93 controls, 4 categories, and key updates in ISO 27001:2022.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001 Controls Checklist & 2022 New Controls (Annex A Guide)","og_description":"Understand the ISO 27001 controls checklist with a complete breakdown of Annex A, including 93 controls, 4 categories, and key updates in ISO 27001:2022.","og_url":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/","og_site_name":"Mitigata Cyber insurance &amp; security blogs","article_published_time":"2026-04-24T12:50:12+00:00","article_modified_time":"2026-04-24T12:55:02+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2026\/04\/Blog-Cover-Images-8.png","type":"image\/png"}],"author":"Sarang","twitter_card":"summary_large_image","twitter_creator":"@mitigata","twitter_site":"@mitigata","twitter_misc":{"Written by":"Sarang","Est. 
reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#article","isPartOf":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/"},"author":{"name":"Sarang","@id":"https:\/\/mitigata.com\/blog\/#\/schema\/person\/e9b816a60a27e5accda31ffdf00a8354"},"headline":"ISO 27001 Controls Checklist &#038; 2022 New Controls (Annex A Guide)","datePublished":"2026-04-24T12:50:12+00:00","dateModified":"2026-04-24T12:55:02+00:00","mainEntityOfPage":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/"},"wordCount":2024,"commentCount":0,"publisher":{"@id":"https:\/\/mitigata.com\/blog\/#organization"},"image":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2026\/04\/Blog-Cover-Images-8.png","articleSection":["Cyber Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/","url":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/","name":"ISO 27001 Controls Checklist: Complete Guide to Annex A","isPartOf":{"@id":"https:\/\/mitigata.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#primaryimage"},"image":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2026\/04\/Blog-Cover-Images-8.png","datePublished":"2026-04-24T12:50:12+00:00","dateModified":"2026-04-24T12:55:02+00:00","description":"Understand the ISO 27001 controls checklist with a complete breakdown of Annex A, including 93 controls, 4 categories, and key updates in ISO 
27001:2022.","breadcrumb":{"@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#primaryimage","url":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2026\/04\/Blog-Cover-Images-8.png","contentUrl":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2026\/04\/Blog-Cover-Images-8.png","width":1200,"height":600,"caption":"iso 27001 controls checklist"},{"@type":"BreadcrumbList","@id":"https:\/\/mitigata.com\/blog\/iso-27001-controls-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mitigata.com\/blog\/"},{"@type":"ListItem","position":2,"name":"ISO 27001 Controls Checklist &#038; 2022 New Controls (Annex A Guide)"}]},{"@type":"WebSite","@id":"https:\/\/mitigata.com\/blog\/#website","url":"https:\/\/mitigata.com\/blog\/","name":"Mitigata Cyber insurance & security blogs","description":"","publisher":{"@id":"https:\/\/mitigata.com\/blog\/#organization"},"alternateName":"Mitigata - smart cyber insurance","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mitigata.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mitigata.com\/blog\/#organization","name":"Mitigata: Smart Cyber 
insurance","url":"https:\/\/mitigata.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mitigata.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2025\/08\/Mitigata-Full-Stack-Logo-Black.png","contentUrl":"https:\/\/mitigata.com\/blog\/wp-content\/uploads\/2025\/08\/Mitigata-Full-Stack-Logo-Black.png","width":648,"height":280,"caption":"Mitigata: Smart Cyber insurance"},"image":{"@id":"https:\/\/mitigata.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/mitigata","https:\/\/www.instagram.com\/mitigata_insurance\/","https:\/\/www.linkedin.com\/company\/mitigata-insurance\/"],"legalName":"Mitigata Insurance Broker private limited","foundingDate":"2021-07-30","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"https:\/\/mitigata.com\/blog\/#\/schema\/person\/e9b816a60a27e5accda31ffdf00a8354","name":"Sarang","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mitigata.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7a8c8419fea33fd25dfe946d37bbc058e927a49e654d5a42b9cf314cb13fa4f6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7a8c8419fea33fd25dfe946d37bbc058e927a49e654d5a42b9cf314cb13fa4f6?s=96&d=mm&r=g","caption":"Sarang"},"description":"Sarang Ashokan is a cybersecurity content writer at Mitigata. He writes SEO-focused content that breaks down complex security topics into clear, easy-to-understand ideas. 
His work helps businesses make sense of cyber risks and stay better prepared, whether they come from a technical background or not.","sameAs":["www.linkedin.com\/in\/sarang-ashokan-b52b26401"],"url":"https:\/\/mitigata.com\/blog\/author\/sarang\/"}]}},"_links":{"self":[{"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/posts\/10058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/comments?post=10058"}],"version-history":[{"count":4,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/posts\/10058\/revisions"}],"predecessor-version":[{"id":10064,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/posts\/10058\/revisions\/10064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/media\/10059"}],"wp:attachment":[{"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/media?parent=10058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/categories?post=10058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mitigata.com\/blog\/wp-json\/wp\/v2\/tags?post=10058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}