ISO/IEC 27001: Annex A
A critical distinction between an Information Security Management System (ISMS) and a Quality Management System (QMS) is that ISMS Annex A contains requirements (controls) that are subject to audit, which is different from a QMS. If you are an existing QMS organization that is integrating an ISMS, ensure you do not overlook ISMS Annex A.
Annex A is directly derived from and aligned with controls listed in ISO/IEC 27002:2022 and shall be used in context with Clause 6.1.3. It consists of 93 controls, divided into 4 chapters (clauses 5-8).
Please note that certain text from the ISO 27001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO) copyright and intellectual property guidelines.