11 sections · 150 audit questions · every article, annex and clause · v2022-10-25
This page lists every regulatory leaf of ISO/IEC 27001 in the order it appears in the regulation — each article, annex and clause. The audit checklist treats every leaf as a separate audit row, including the permissive ones.
Click a row's citation to jump to it. The audit-question count shows how many auditable rows the checklist generates from that leaf (zero means the leaf is informational only).
| Citation | Kind | Title | Audit questions |
|---|---|---|---|
| Annex A.5 | Annex | Organisational controls | 37 |
| Annex A.6 | Annex | People controls | 8 |
| Annex A.7 | Annex | Physical controls | 14 |
| Annex A.8 | Annex | Technological controls | 34 |
| Clause 4 | Clause | Context of the organization | 6 |
| Clause 5 | Clause | Leadership | 10 |
| Clause 6 | Clause | Planning | 16 |
| Clause 7 | Clause | Support | 10 |
| Clause 8 | Clause | Operation | 3 |
| Clause 9 | Clause | Performance evaluation | 6 |
| Clause 10 | Clause | Improvement | 6 |
The Compliance Matrix is the verification document — every paragraph in scope on one PDF. The audit checklist bundle is the per-question working document (150 questions, 5 artefact formats).