ISO 27001:2022 Thirty-Seven Organisational Controls. Three New Since 2022. Most Implementations Treat Them as Policies. The Standard Treats Them as Operational Obligations.
Most ISO 27001 Annex A.5 controls are implemented as policies—but policies are not controls. This blog explains how to demonstrate operational evidence for organisational controls.