ISO 27001 contains 11 domains that cover the following key areas:
Security policy – management direction.
Organisation of information security – governance of information security.
Asset management – inventory and classification of information assets.
Human resources security – security aspects for employees joining, moving and leaving an organisation.
Physical and environmental security – protection of the computer facilities.
Communications and operations management – management of technical security controls in systems and networks.
Access control – restriction of access rights to networks, systems, applications, functions and data.
Information systems acquisition, development and maintenance – building security into applications.
Information security incident management – anticipating and responding appropriately to information security breaches.
Business continuity management – protecting, maintaining and recovering business-critical processes and systems.
Compliance – ensuring conformance with information security policies, standards, laws and regulations.