Branch protection rules are repository settings in platforms like GitHub, GitLab, or Bitbucket that prevent unauthorized code merges into protected branches (typically main/master). Configurable rules include required reviews, status checks, signed commits, and linear history.
In an ISMS, branch protection rules support implementation of ISO 27001 Annex A controls A.8.25 (Secure Development), A.8.9 (Configuration Management), and A.8.32 (Change Management). They enforce the four-eyes principle for code changes and ensure that automated tests (CI) pass before code reaches production. In practice, you combine branch protection with code review, automated tests, and a defined release process.
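The following added example (not from the original page or from any platform's own code) audits a branch's protection settings against the four rule types named above, plus whether administrators can bypass them. It assumes the response shape of GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`; the function name `audit_protection`, both payloads, and the `ci/test` check name are constructed for illustration.

```python
# Added example: audit a GitHub branch-protection API response.
# WEAK and HARDENED are constructed sample payloads, not real repository data.

def audit_protection(p, min_reviews=1):
    """Return a list of findings; an empty list means every rule is enforced."""
    findings = []
    reviews = p.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < min_reviews:
        findings.append("required reviews: fewer than %d approval(s) required" % min_reviews)
    checks = p.get("required_status_checks") or {}
    # Required checks may be listed under "contexts" or under "checks".
    if not (checks.get("contexts") or checks.get("checks")):
        findings.append("status checks: no CI check is required before merge")
    if not (p.get("required_signatures") or {}).get("enabled", False):
        findings.append("signed commits: signature verification not required")
    if not (p.get("required_linear_history") or {}).get("enabled", False):
        findings.append("linear history: merge commits are allowed")
    # If admins can bypass the rules, four-eyes is not enforced for everyone.
    if not (p.get("enforce_admins") or {}).get("enabled", False):
        findings.append("enforcement: administrators can bypass the rules")
    return findings

WEAK = {  # constructed: protection exists but enforces nothing
    "required_pull_request_reviews": {"required_approving_review_count": 0},
    "required_status_checks": {"strict": False, "contexts": [], "checks": []},
    "enforce_admins": {"enabled": False},
    "required_signatures": {"enabled": False},
    "required_linear_history": {"enabled": False},
}

HARDENED = {  # constructed: one approval (author + reviewer = four eyes), CI gate
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": True, "contexts": ["ci/test"]},
    "enforce_admins": {"enabled": True},
    "required_signatures": {"enabled": True},
    "required_linear_history": {"enabled": True},
}

if __name__ == "__main__":
    for name, payload in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        result = audit_protection(payload)
        print(name, "OK" if not result else "FAIL")
        for finding in result:
            print("  -", finding)
```

The findings list can be stored as audit evidence for the controls cited above; a payload with a section missing entirely (for example no `required_pull_request_reviews` key) is reported the same way as one with the rule disabled.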