| A.5.1 – Policies for information security | Security policies and risk management |
| A.5.14 – Information security in supplier relationships | Supply chain cybersecurity |
| A.6.1 – Information security awareness, education, and training | Staff training and awareness |
| A.7.4 – Protection of records | Log retention and data integrity |
| A.8.1 – Access control policy | Access control mechanisms |
| A.10.1 – Cryptographic controls | Encryption and cryptography |
| A.12.3 – Backup | Data backup and recovery |
| A.15.1 – Management of information security incidents | Incident response and reporting |
| A.17.1 – Information security continuity | Business continuity |
| A.18.1 – Compliance with legal and contractual requirements | Legal and regulatory compliance |
