The adoption of ISO 27001 certification has continued to grow over the years, both nationally and internationally. As management system standards go, ISO 27001 is unique in that it includes a control set for organizations implementing or maintaining an information security management system (ISMS) to consider when addressing their information security risk. That control set, known as Annex A of ISO 27001 and expanded upon in ISO 27002, is about to change.