Vault restructure

Corpus/Standards/ISO27x/ISO 27001 Approaching Annex A.md

@@ -0,0 +1,9 @@
+When you start with ISO 27001, the key to looking at this bewildering list of controls is not to see this as a todo list or an implementation plan, but as a checklist, asking yourself for each control: how are we doing this at the moment?
+
+Because if you have a sensible approach to your information, your devices and the services you use, chances are you have actually implemented most of them, at least partially. Let's start with some low-hanging fruit:
+
+- [ ] Examples of 'common' controls.
+	- [ ] backups
+	- [ ] cryptography
+	- [ ] physical security
+	- [ ] password protection