# Access Control

While [authorization](../Standards/ISO27x/about/Authorization.md) is primarily concerned with establishing the policies and rules that dictate access (i.e. *what* a person or system is allowed to do), **access control** is the _system_ or _process_ that enforces those defined permissions.

See:
- [Gedachten over rechtenstructuren](../Information%20Security/Gedachten%20over%20rechtenstructuren.md)
- [Authorization vs Access Control](Authorization%20vs%20Access%20Control.md)
- [Access Control Models](Access%20Control%20Models.md)
- [ISO 27001 A 9 Access control](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%209%20Access%20control.md)
- [a-5.15-Access-control](../Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md)