ISO 27001 FAQ

The 7 mandatory clauses which you are required to comply with are clauses 4 to 10. Clauses 1 to 3 deal with scope of the document, normative references and terms and definitions.

Clause 4

You are required to identify the internal and external issues that are relevant to your organisation’s purpose.

You are also required to identify any parties that have an interest in your organisation’s ability to provide adequate security for your information and you need to determine what the needs of those parties are.

Clause 4 also requires that the scope of your ISMS is determined and that not only is the ISMS established and implemented, but that it is also maintained and continually improved.

Clause 5

It requires that your organisation’s top management demonstrates effective information security-related leadership, establishes an information security policy and assigns appropriate roles, responsibilities and authorities.

Clause 6

It requires that your organisation plans how you will take action to address risks and opportunities as well as how you will perform information security-related risk assessments.

There is also a requirement, at this point, to identify how suitable treatments for the identified risks will be determined.

Another requirement of Clause 6 is that you identify a suitable set of information security objectives.

These objectives need to be aligned with the output of the risk assessment and be consistent with your information security policy and your organisation’s overall business objectives. You also need to develop plans that detail how the objectives are going to be achieved.

Clause 7

It deals with several requirements that need to be implemented in order to effectively support your ISMS.

You will need to ensure that people are competent to perform their roles and that appropriate training and awareness is provided.

There is also a requirement for you to determine communications relevant to your ISMS and to meet various documentation requirements.

Clause 8

You are required to ensure that any processes needed to meet the security requirements of your organisation are planned, implemented and controlled.

Specifically, you must ensure that plans made in Clause 6 are implemented including the risk assessment process and the risk treatment plan. You are also required, within Clause 8, to control planned changes and to keep documentation as evidence of processes being carried out.

Clause 9

It enables you to check to see if your efforts and your ISMS are working. This is achieved through the use of internal audit, management review and through monitoring, measurement, analysis and evaluation of activities.

Clause 10

You are required to ensure there is continual improvement and any nonconformities you have identified are corrected and prevented from reoccurring.
‍

ISO 27001 overview

Never miss a thing

Stay in the loop

Please provide your contact details and we will email you with any future changes to ISO 27001 (and the implications!).

URM’s consultants have assisted over 350 organisations achieve and maintain certification to ISO 27001.

Find out more

related BLog

Governance, Risk Management and Compliance

Information Security

ISO 27001

Top Tips For Implementing an Effective ISO 27001 Information Security Management System (ISMS)

Latest update:

26 May

2023

URM provides some top tips for achieving an effective and successful information security management system implementation

Information Security

updateD:

11/4/2023

10 Top Tips for Keeping Information Secure When Homeworking

In this blog, we aim to provide 10 top tips to enable you to keep important information assets safe and secure whilst working remotely.

Information Security

updateD:

2/3/2023

ISO/IEC 27001:2022 Key Changes

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Information Security

updateD:

21/2/2023

How Secure is Zoom?

Many organisations have had to adapt very quickly to the rapidly changing restrictions brought in across the globe to help combat the spread of COVID-19.

URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.

ISO 27001 Frequently Asked Questions

Stay in the loop

Top Tips For Implementing an Effective ISO 27001 Information Security Management System (ISMS)

Let us help you

ISO 27001
Frequently Asked Questions