- Information security policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications
- System acquisition, development & maintenance
- Supplier Relationships
- Information Security Incident Management
- Business Continuity Management
- Compliance