Overview of Annex A and ISO 27002
A comprehensive orientation to ISO 27001:2022 Annex A — the 4-domain, 93-control architecture, the 5 control attributes introduced in the 2022 revision, the relationship between ISO 27001 and ISO 27002, how to read control entries effectively, and the roadmap for Section 5's deep dives into each control domain.
Organizational Controls (Domain 5)
A practitioner's guide to all 39 organizational controls in Annex A — covering policies and governance, threat intelligence, asset management, information classification, access governance, supplier security, incident management, business continuity, and regulatory compliance — with implementation guidance and Indonesian regulatory context throughout.
People Controls (Domain 6)
A practitioner's deep dive into all 8 people controls — covering pre-employment screening, employment security obligations, information security awareness and training, disciplinary process, departure security, confidentiality agreements, remote working, and incident reporting — with implementation guidance, complete onboarding and offboarding checklists, and Indonesian employment law context.
Physical Controls (Domain 7)
A complete practitioner reference for all 14 physical controls — covering physical perimeters, entry controls, physical security monitoring (new in 2022), environmental protections, clear desk policy, equipment security, supporting utilities, cabling, maintenance, and secure disposal — with a scope applicability matrix for different organization types and a comprehensive pre-audit physical security checklist.
Technological Controls (Domain 8)
A complete practitioner reference for all 34 technological controls — covering access and identity, operational security, configuration management, data protection, resilience, logging and monitoring, infrastructure security, cryptography, and the full secure development lifecycle — with deep dives into all 7 new 2022 controls, the top 7 audit findings in Domain 8, and Indonesian regulatory context throughout.
Mapping Controls to Risks
A practical guide to building and maintaining a controls-to-risk traceability matrix that connects the risk register, Statement of Applicability, risk treatment plan, evidence library, and regulatory obligations into a single navigable framework — satisfying auditors, management, and regulators simultaneously.
Statement of Applicability (SoA)
How to produce, justify, and maintain the Statement of Applicability as the central reference document for your organization's control decisions — covering the four mandatory elements, the full column architecture, applicability decision types with quality standards, worked SoA entries for five controls including three new 2022 controls, the SoA lifecycle, and the pre-audit quality assurance checklist.