ISO/IEC 27001: Annex A

A critical distinction between an Information Security Management System (ISMS) and a Quality Management System (QMS) is that ISMS Annex A contains requirements (controls) that are subject to audit. This is not the case for a QMS. If your organization already operates a QMS and is integrating an ISMS, ensure you do not overlook ISMS Annex A.

Annex A is directly derived from and aligned with the controls listed in ISO/IEC 27002:2022 and shall be used in the context of Clause 6.1.3. It consists of 93 controls, divided into 4 chapters (clauses 5-8).

Please note that certain text from the ISO 27001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO) copyright and intellectual property guidelines.


Our All-in-One Certification Package is a proven, efficient system. It gives you all you need to prepare for certification in one simple-to-use package.

Customer Review:

"I have just passed my Audit with zero non-conformances for the second year in a row using your ISO products to write my entire QMS. Thank you for producing documents of this quality"

Bettye Patrick
