ISO 27001:2022

International
v2022
5 domains
56 controls

International standard for establishing, implementing, maintaining and continually improving an information security management system (ISMS)

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

Clause 0 – ISO 27001:2022

2 controls
Controls in the Clause 0 – ISO 27001:2022 domain of ISO 27001:2022
Code | Title
iso-27001-2022::0.1 | General
iso-27001-2022::0.2 | Compatibility with other management system standards

Clause 9 – ISO 27001:2022

5 controls
Controls in the Clause 9 – ISO 27001:2022 domain of ISO 27001:2022
Code | Title
iso-27001-2022::9.2.1 | General
iso-27001-2022::9.2.2 | Internal audit programme
iso-27001-2022::9.3.1 | General
iso-27001-2022::9.3.2 | Management review inputs
iso-27001-2022::9.3.3 | Management review results

Organizational controls – ISO 27001:2022

37 controls
Controls in the Organizational controls – ISO 27001:2022 domain of ISO 27001:2022
Code | Title
iso-27001-2022::5.1 | Policies for information secu- Control
iso-27001-2022::5.10 | Acceptable use of information Control
iso-27001-2022::5.11 | Return of assets Control
iso-27001-2022::5.12 | Classification of information Control
iso-27001-2022::5.13 | Labelling of information Control
iso-27001-2022::5.14 | Information transfer Control
iso-27001-2022::5.15 | Access control Control
iso-27001-2022::5.16 | Identity management Control
iso-27001-2022::5.17 | Authentication information Control
iso-27001-2022::5.18 | Access rights Control
iso-27001-2022::5.19 | Information security in supplier Control
iso-27001-2022::5.2 | Information security roles and Control
iso-27001-2022::5.20 | Addressing information security Control
iso-27001-2022::5.21 | Managing information security Control
iso-27001-2022::5.22 | Monitoring, review and change Control
iso-27001-2022::5.23 | Information security for use of Control
iso-27001-2022::5.24 | Information security incident Control
iso-27001-2022::5.25 | Assessment and decision on in- Control
iso-27001-2022::5.26 | Response to information security Control
iso-27001-2022::5.27 | Learning from information se- Control
iso-27001-2022::5.28 | Collection of evidence Control
iso-27001-2022::5.29 | Information security during Control
iso-27001-2022::5.3 | Segregation of duties Control
iso-27001-2022::5.30 | ICT readiness for business con- Control
iso-27001-2022::5.31 | Legal, statutory, regulatory and Control
iso-27001-2022::5.32 | Intellectual property rights Control
iso-27001-2022::5.33 | Protection of records Control
iso-27001-2022::5.34 | Privacy and protection of person- Control
iso-27001-2022::5.35 | Independent review of informa- Control
iso-27001-2022::5.36 | Compliance with policies, rules Control
iso-27001-2022::5.37 | Documented operating proce- Control
iso-27001-2022::5.4 | Management responsibilities Control
iso-27001-2022::5.5 | Contact with authorities Control
iso-27001-2022::5.6 | Contact with special interest Control
iso-27001-2022::5.7 | Threat intelligence Control
iso-27001-2022::5.8 | Information security in project Control
iso-27001-2022::5.9 | Inventory of information and Control

People controls – ISO 27001:2022

8 controls
Controls in the People controls – ISO 27001:2022 domain of ISO 27001:2022
Code | Title
iso-27001-2022::6.1 | Screening Control
iso-27001-2022::6.2 | Terms and conditions of em- Control
iso-27001-2022::6.3 | Information security awareness, Control
iso-27001-2022::6.4 | Disciplinary process Control
iso-27001-2022::6.5 | Responsibilities after termination Control
iso-27001-2022::6.6 | Confidentiality or non-disclosure Control
iso-27001-2022::6.7 | Remote working Control
iso-27001-2022::6.8 | Information security event re- Control

Physical controls – ISO 27001:2022

4 controls
Controls in the Physical controls – ISO 27001:2022 domain of ISO 27001:2022
Code | Title
iso-27001-2022::7.1 | Physical security perimeters Control
iso-27001-2022::7.2 | Physical entry Control
iso-27001-2022::7.3 | Securing offices, rooms and fa- Control
iso-27001-2022::7.4 | Physical security monitoring Control

Your Compliance Coverage

If you comply with ISO 27001:2022, you already cover:

Maps to 79 other frameworks

56 total controls
ISO 27701:2019
26 source controls mapped|24 target controls covered
46%
ISO 27002:2022
19 source controls mapped|19 target controls covered
34%
ISO 45001:2018
16 source controls mapped|16 target controls covered
29%
ISO 9001:2015
16 source controls mapped|17 target controls covered
29%
ISO 22000:2018
16 source controls mapped|17 target controls covered
29%
ISO 14001:2015
15 source controls mapped|15 target controls covered
27%
ISO 37301:2021
15 source controls mapped|17 target controls covered
27%
ISO 50001:2018 - Energy Management Systems
12 source controls mapped|12 target controls covered
21%
ISO/IEC 42001:2023
12 source controls mapped|11 target controls covered
21%
ISO 22301:2019
12 source controls mapped|11 target controls covered
21%
ISO 37001:2016
12 source controls mapped|12 target controls covered
21%
ISO 55001:2014
10 source controls mapped|9 target controls covered
18%
CFTC System Safeguards (17 CFR 37, 38, 39, 49)
8 source controls mapped|1 target controls covered
14%
ISO/IEC 29100:2024
8 source controls mapped|2 target controls covered
14%
ISO 27018
8 source controls mapped|1 target controls covered
14%
ISO/IEC 27018:2019
8 source controls mapped|1 target controls covered
14%
ISO 13485:2016
6 source controls mapped|3 target controls covered
11%
ISO 14004:2016
6 source controls mapped|3 target controls covered
11%
ISO 27018:2019
6 source controls mapped|6 target controls covered
11%
ISO 31000:2018
5 source controls mapped|3 target controls covered
9%
ISO/IEC TR 24028:2020
4 source controls mapped|2 target controls covered
7%
ISO/IEC 27011:2024
3 source controls mapped|3 target controls covered
5%
ISO 19011:2018
3 source controls mapped|9 target controls covered
5%
ISO/IEC 27010:2015
3 source controls mapped|3 target controls covered
5%
API 1164
3 source controls mapped|2 target controls covered
5%
ISO 56002
3 source controls mapped|14 target controls covered
5%
ISO 37301
3 source controls mapped|2 target controls covered
5%
ISO 9001
3 source controls mapped|2 target controls covered
5%
ISO 41001:2018 - Facility Management Systems
3 source controls mapped|14 target controls covered
5%
ISO 39001:2012 - Road Traffic Safety Management
3 source controls mapped|14 target controls covered
5%
ISO 37002:2021 - Whistleblowing Management Systems
3 source controls mapped|14 target controls covered
5%
ISO 22313:2020 - Guidance on Business Continuity Management Systems
3 source controls mapped|12 target controls covered
5%
AS9100D - Aerospace Quality Management System
3 source controls mapped|4 target controls covered
5%
ISO/IEC 27003:2017
3 source controls mapped|6 target controls covered
5%
ISO 28001:2007 Supply Chain Security Management
3 source controls mapped|2 target controls covered
5%
ISO 45001
3 source controls mapped|2 target controls covered
5%
ISO 30401
3 source controls mapped|2 target controls covered
5%
ASIS SPC.1-2009 - Organizational Resilience Standard
3 source controls mapped|3 target controls covered
5%
ISO 22000
3 source controls mapped|2 target controls covered
5%
ISO/IEC 27031:2011
3 source controls mapped|2 target controls covered
5%
ISO 55001
3 source controls mapped|2 target controls covered
5%
ISO 19011
2 source controls mapped|2 target controls covered
4%
ISO/IEC 25012:2008 - Data Quality Model
2 source controls mapped|4 target controls covered
4%
CMMC 2.0
2 source controls mapped|2 target controls covered
4%
Australian Energy Sector Cyber Security Framework (AESCSF)
2 source controls mapped|2 target controls covered
4%
ISO 37001
2 source controls mapped|1 target controls covered
4%
ISO 27005:2022
2 source controls mapped|1 target controls covered
4%
EIOPA Guidelines on ICT Security and Governance (EIOPA-BoS-20/600)
2 source controls mapped|1 target controls covered
4%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
2 source controls mapped|1 target controls covered
4%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
2 source controls mapped|1 target controls covered
4%
BRCGS Global Standard for Food Safety Issue 9
2 source controls mapped|1 target controls covered
4%
C-TPAT - Customs-Trade Partnership Against Terrorism
2 source controls mapped|1 target controls covered
4%
CISA Industrial Control Systems (ICS) Security Guidance
2 source controls mapped|1 target controls covered
4%
Protective Security Policy Framework (PSPF) Release 2024
2 source controls mapped|1 target controls covered
4%
Digital Services Act (DSA) - Regulation (EU) 2022/2065
1 source controls mapped|1 target controls covered
2%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration
1 source controls mapped|1 target controls covered
2%
2%
AICPA SOC 3
1 source controls mapped|1 target controls covered
2%
NY DFS 23 NYCRR 500
1 source controls mapped|1 target controls covered
2%
FFIEC IT Examination Handbook
1 source controls mapped|1 target controls covered
2%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|1 target controls covered
2%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
2%
Equator Principles (EP4, 2020)
1 source controls mapped|1 target controls covered
2%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
2%
ISO 10005:2005
1 source controls mapped|1 target controls covered
2%
CMMC 2.0 Level 1
1 source controls mapped|1 target controls covered
2%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
1 source controls mapped|1 target controls covered
2%
Australia NHMRC National Statement on Ethical Conduct in Human Research
1 source controls mapped|1 target controls covered
2%
EDM Council CDMC - Cloud Data Management Capability Framework
1 source controls mapped|1 target controls covered
2%
C5 (Germany)
1 source controls mapped|1 target controls covered
2%
ISO 27017:2015
1 source controls mapped|1 target controls covered
2%
Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)
1 source controls mapped|1 target controls covered
2%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
2%
OWASP ASVS
1 source controls mapped|1 target controls covered
2%
FBI CJIS Security Policy
1 source controls mapped|1 target controls covered
2%
ISO/IEC 38500:2024
1 source controls mapped|2 target controls covered
2%
APRA CPS 220 Risk Management
1 source controls mapped|1 target controls covered
2%

Frequently Asked Questions

What is ISO 27001:2022?

ISO 27001:2022 is an international compliance framework with 5 domains and 56 controls. It is an international standard for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO 27001:2022 have?

ISO 27001:2022 has 56 controls organised across 5 domains. The largest domains are Organizational controls – ISO 27001:2022 (37 controls), People controls – ISO 27001:2022 (8 controls) and Clause 9 – ISO 27001:2022 (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO 27001:2022 map to?

ISO 27001:2022 maps to 79 other compliance frameworks. The top mapping partners are ISO 27701:2019 (46% coverage), ISO 27002:2022 (34% coverage) and ISO 45001:2018 (29% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO 27001:2022 compliance?

Start your ISO 27001:2022 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO 27001:2022 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 56 controls and track your progress.
