Controls (Annex A) A.5: Information Security Policies – Controlling how policies are written and revised A.6: Information Security Organization – Controls on how responsibilities are assigned; also includes controls for mobile devices A.7: Human Resources Security – Pre-employment, during and after employment controls A.8: Asset management – Asset inventory and acceptable use controls; also for information classification and media...