Before embarking on an ISO 27001 certification attempt, all key stakeholders within an organization should become very familiar with how the standard is arranged and used. ISO 27001 is broken into 12 separate sections:
Introduction – describes what information security is and why an organization should manage risks.
Scope – covers high-level requirements for an ISMS to apply to all types or organizations.
Normative References – explains the relationship between ISO 27000 and 27001 standards.
Terms and Definitions – covers the complex terminology that is used within the standard.
Context of the Organization – explains what stakeholders should be involved in the creation and maintenance of the ISMS.
Leadership – describes how leaders within the organization should commit to ISMS policies and procedures.
Planning – covers an outline of how risk management should be planned across the organization.
Support – describes how to raise awareness about information security and assign responsibilities.
Operation – covers how risks should be managed and how documentation should be performed to meet audit standards.
Performance Evaluation – provides guidelines on how to monitor and measure the performance of the ISMS.
Improvement – explains how the ISMS should be continually updated and improved, especially following audits.
Reference Control Objectives and Controls – provides an annex detailing the individual elements of an audit.
Rede Consulting specializes in Security, Compliance and Automation. Feel free to contact us for your needs at info@rede-consulting.com or visit us at www.Rede-Consulting.com