ISO 27001
· 10 min readISO 27001:2022 — The Four Themes of Annex A
Organizational, people, physical and technological controls: how the 93-control 2022 revision reshapes ISMS implementation.
Published 18 September 2025 · Updated 22 March 2026
From 114 to 93 controls
The 2022 revision consolidated the Annex A control set from 114 into 93 controls, grouped into four themes: Organizational (37), People (8), Physical (14) and Technological (34).
Eleven controls are entirely new, including threat intelligence, cloud services, ICT readiness for business continuity, and secure coding.
The Statement of Applicability today
The SoA remains the anchor artefact — every included and excluded control must be justified. Auditors now expect explicit references to the new controls even where they are excluded.
Engage CHNYD Trace
Talk to a partner about ISO 27001 — scoping calls are complimentary.
Request consultation →