annex-a
Safeguard articles tagged "annex-a" — guides, analysis, and best practices for software supply chain and application security.
4 articles
ISO 27001 application security: the Annex A controls that govern your code
ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.
ISO 27001 Annex A controls guide: the software and supplier set
ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.
Implementing the ISO 27001:2022 Revision in 2026
The transition window to the 2022 revision of ISO 27001 closed in October 2025. Here is what we have learned from helping organizations implement it cleanly.
ISO 27001 Annex A Controls That Touch Your Build Pipeline
ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.