ISO 27001 Annex A structure
(I wanted to know if you can help me by informing why Annex A of ISO 27001 starts with the number A5)
Answer: ISO 27001 Annex A is based on British Standard BS 7799-1 (Information technology - Code of practice for information security management), which had the following structure:
Foreword
0 introduction
1 scope
2 terms and definitions
3 structure of this standard
4 risk assessment and treatment
5 security policy
6 organization of information security
7 asset management
8 human resources security
9 physical and environmental security
10 communications and operations management
11 access control
12 information systems acquisition, development and maintenance
13 information security incident management
14 business continuity management
15 compliance
Bibliography
Index
So, when this content was incorporated into ISO 27001 Annex A, version 2005, to facilitate the transition for those who used the BS standard, the names and section numbers from sections 5 to 15 of the old BS 7799-1 were kept, only including the "A." to indicate they are part of the ISO 27001 Annex. When ISO 27001 was updated to version 2013, this sequence was maintained.
Oct 31, 2017