You can implement controls from Annex A using several options – by writing policies and procedures, training people, deploying some physical safeguards, or applying some technical means.

Examples:
A company might implement controls in the following ways:
- Write Backup Policy to implement control A.8.13 Information backup.
- Send the internal auditor for an ISO 27001 Internal Auditor Course to implement control A.6.3 Information security awareness, education and training.
- Install reinforced doors to implement control A.7.2 Physical entry.
- Install anti-malware software to implement control A.8.7 Protection against malware.