When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this for ISO 27001 Annex A controls that should appear in Dataview dashboards.
---type: controlstandard: ISO27001control_id: ""control_name: ""control_family: ""status: draftpriority: mediumrelated_assets: []related_threats: []related_vulnerabilities: []related_risks: []related_evidence: []related_audit_questions: []owner: ""review_frequency: quarterlyimplementation_status: not_startedevidence_status: missingexam_relevance: mediumsoftware_objects: - control - evidencecreated: 2026-06-03updated: 2026-06-03tags: - iso27001 - annex_a - control---
# {{title}}
## Control Purpose
Explain why this control exists.
## Risk Logic
Use this chain:
<RiskFlowDiagram steps={[{"label":"Asset"},{"label":"Threat"},{"label":"Vulnerability"},{"label":"Risk"},{"label":"Control"},{"label":"Evidence"},{"label":"Audit"}]} ariaLabel="Risk logic flow"/>
## Related Risks
-
## Implementation Activities
-
## Evidence Required
-
## Audit Questions
-
## ISO 27005 Link
Explain the risk management logic behind the control.
## ISO 27002 Link
Summarize the implementation guidance in your own words.
## Software Architecture Mapping
Relevant objects:
- control- evidence- risk- audit_question- Template
- Iso27001
- Control
Note Metadata
Source: 99-Templates/Template-Control-Card.md