Annex A is the normative annex to ISO 27001:2022, containing 93 reference controls organized into four themes: organizational, people, physical, and technological controls. Each control has a number (e.g., A.5.1) and a short title.
Within an ISMS, you use Annex A as the reference catalog when preparing the Statement of Applicability (SoA, ISO 27001 Clause 6.1.3 d). For each control, you document whether it applies, how it is implemented, and — if not applicable — the justification. The controls in Annex A are intentionally formulated as a minimum scope; your organization may define additional measures. The corresponding implementation guidance is found in ISO 27002:2022.