When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this when creating a reusable control card that maps ISO/IEC 27001 Annex A, ISO/IEC 27002 guidance, ISO/IEC 27005 risk logic, evidence, audit questions, and software objects.
---type: control-cardstandard: ISO 27001control_id: ""control_name: ""status: draftcontrol_theme: ""related_risks: []related_assets: []related_threats: []related_vulnerabilities: []evidence_required: []audit_questions: []software_objects: []tags: - iso27001 - iso27002 - annex-a - controlcreated: YYYY-MM-DDupdated: YYYY-MM-DD---
# {{control_id}} - {{control_name}}
## 1. Control Purpose
Explain the control purpose in your own words.
## 2. Risk Logic
Use this chain:
<CoreRiskChain ariaLabel="Risk logic flow" />
## 3. Related Assets
List the assets this control may protect.
## 4. Related Threats
List relevant threats.
## 5. Related Vulnerabilities
List relevant vulnerabilities.
## 6. Risk Scenarios
Create one or more risk scenarios that justify this control.
## 7. Implementation Activities
List the activities required to operate this control.
## 8. Required Evidence
List evidence that proves the control exists and operates.
## 9. Audit Questions
List questions an auditor may ask.
## 10. Metrics / KPIs
Define possible control effectiveness metrics.
## 11. Software Object Mapping
Map the control to entities such as risk, control, evidence, audit, finding, incident, supplier, or policy.
## 12. Related Notes
- [ISO 27001 Knowledge Base MOC](/research/10-iso-27001-knowledge-base/iso-27001-knowledge-base-moc)- [ISO 27002 Knowledge Base MOC](/research/11-iso-27002-knowledge-base/iso-27002-knowledge-base-moc)- [ISO 27005 Knowledge Base MOC](/research/12-iso-27005-knowledge-base/iso-27005-knowledge-base-moc)Related notes
- Template
- Iso27001
- Iso27002
- Control card
Note Metadata
Aliases: Control Card Template
Source: 90 Templates/Template Control Card.md