SlideShare ist ein Scribd-Unternehmen logo

Iso 27001 2013 Standard Requirements

‱Als DOCX, PDF herunterladen‱
‱
Uppala Anand
Uppala Anand

Here are the ISO 27001:2013 documentation, implementation and audit requirements. This document specified documentation, implementation and audit requirements for only ISO 27001, but not 114 controls specified in Annex A. I request IS practitioners to comment and suggest improvements.

BusinessTechnologie
1 von 9
ISO 27001: 2013 Standard Documentation, Implementation and Audit Requirements classified Clause Description Documentation Requirements Implementation Requirements Audit Requirements 4 Context of the organization 4.1 Understanding the organization and its context ‘About the Organization’ in the IS Policy document Understand the organization, its nature of business and defining it in the IS Policy document. Review the IS Policy document 4.2 Understanding the needs and expectations of interested parties ‘Target Audience’ in the IS Policy document Brainstorming with Management and including it in the IS Policy document. Review the IS Policy document 4.3 Determining the scope of the ISMS ‘ISMS Scope’ in the IS Policy document Brainstorming with Management and including it in the IS Policy document. Review the IS Policy document 4.4 ISMS The IS Policy document  Establishment of IS  Appointment of IS Manager  Conducting IS Trainings and Awareness  Defining RACI Review the IS Policy document
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 5 Leadership 5.1 Leadership and commitment ISMS budget allocations, Assignment of competent IS Manager and required staff  Approval of the IS Policy  Allocation of funds  Appointment of IS Manager and other IS roles  Review and approval of ISMS changes  Review of ISMS performance  Check for ISMS head in budget  Identify IS Manager  Board approval for ISMS implementation activities 5.2 Policy IS Policy Development of the IS Policy Review the IS Policy document 5.3 Organizational roles, responsibilities and authorities  Appointment of IS Manager and required staff  Defining ISMS reporting structure  Defining RACI  IS responsibilities in Employee JD  Appointment of IS Manager and required competent staff  Development of ISMS reporting line  Development of RACI  Defining employee common IS responsibilities  Identify IS Manager  Review ISMS reporting structure  Review ISMS RACI  Review Employment documents
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 6 Planning 6.1 Actions to address risks and opportunities - - - 6.1.1 General ISMS Risk Management Methodology Defining and documenting ISMS Risk Management Methodology Review ISMS Risk Management Methodology 6.1.2 IS Risk Assessment  Define Risk Assessment Process  List of Risk Owners Develop and document Risk Assessment Process including defining risk acceptance criteria, identifying risk owners Review Risk Assessment Process 6.1.3 IS Risk Treatment Define Risk Treatment Process and SoA Develop and document Risk Treatment Process including development of SoA Review Risk Treatment Process 6.2 IS Objectives and planning to achieve them Objectives in the IS Policy document Defining IS objectives of relevant functions and levels of the organization Review IS Policy
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 7 Support 7.1 Resources  Appointment of required ISMS staff  Allocation of budget  Conducting Management Reviews Appointment of IS Manager, IS training and awareness  Identify ISMS Staff  Review ISMS staff responsibilities 7.2 Competence  IS Manager Job Description  IS Staff qualifications and experience  Appointment of competent IS Manager and required staff  Review IS Manager and staff qualifications 7.3 Awareness IS Training and Awareness activities (training materials, schedules, assessments, appreciations)  Conducting staff IS Training and awareness activities Review staff IS Training and Awareness activities 7.4 Communication List of ISMS Interested Parties, and Communication Plan  Identify and list ISMS Interested parties  Gather communication requirements and develop a plan Review list of interested parties and ISMS Communications Plan 7.5 Documented Information - - -
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 7.5.1 General All documents identified as necessary by the ISO and Organization 7.5.2 Creating and Updating  ISMS Documentation Process  Revision/Document History to be included in all ISMS documentation  Document distribution List Define ISMS Documentation process  Review ISMS Documentation process  Check for Revision/Docume nt History in ISMS documentation 7.5.3 Control of documented information  List of all ISMS related Documents (policies, processes, procedures) and Records (Decisions, Change Records, Communications, Reports, Alerts, Logs)  Data Labeling process (distribution and access)  Data Retention & Archival process  Adding Revision/Document History for all ISMS documents (Labeling, Version control, list of changes)  Identification and gathering of all ISMS related documents and records  Defining controls for developing and maintaining documented information – including Revision/Document History, labeling, distribution, access, versioning and changes  Review of ISMS Documents and Records  Review documents labeling, distribution, version and change details
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 8 Operation 8.1 Operational planning and control  Documents related to the IS operational plans, processes, procedures, actions implemented  ISMS Change Register  IS Communications, logs and reports  Third party security reports Identification of ISMS Operational plans and control activities Review ISMS operations and control activities 8.2 IS Risk Assessment Risk Assessment Reports Conducting Risk Assessment Review of periodic IS Risk Assessment reports 8.3 IS Risk Treatment Risk Treatment plans, actions and results Implementing Risk Treatment activities Review of IS Risk Treatment plans, actions and results 9 Performance Evaluation
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 9.1 Monitoring, measurement, analysis and evaluation Documents, logs, periodic reports on IS Risks, Incidents and Changes  Identifying various IS Metrics to be monitored and measured.  Assigning monitoring responsibilities to the competent staff Review reports on various ISMS metrics, and measurements 9.2 Internal Audit Periodic Internal Audit Reports Defining Internal Audit Plans and procedures (including defining Audit Criteria (ISO 27001), conducting Internal Audits periodically and reporting to Management) Review Internal Audit reports and results 9.3 Management Review MR Meeting minutes/decision related to ISMS.  Ensuring Management reviews ISMS performance periodically  Management conducting periodic reviews on ISMS performance, status of previous issues, risk assessments reports, Audits, NCs, Corrective actions, and feedback)  Review ISMS performance reviews  Review results of MRs (Corrective actions) 10 Improvement
Clause Description Documentation Requirements Implementation Requirements Audit Requirements 10.1 Nonconformity and corrective action ISO 27001 ISMS NC Register along with corrective action details.  Developing and maintaining an NC Register  Defining procedures for ISMS NC corrective actions Review ISO ISMS NC Register and status of corrective actions and its results. 10.2 Continual improvement Periodic Risk Assessments reports, Audit reports, MRs and feedbacks.  Defining processes for deriving ISMS improvements through periodic risk assessments, internal and external audits, periodic MRs and interested parties feedback  Adding improvements to the ISMS policies, processes and procedures Review ISMS continual improvement on the basis of risk assessments, pervious audits reports, MRs and feedback.
The ISO 27001:2013 standard does not require the organizations to prepare a separate ISMS policy explicitly. However, the organizations can prepare it if they want. The organizations already having both IS Policy and ISMS Policy can continue or merge into one single IS Policy document with minor changes. About IS vs ISMS Information security (IS) is achieved through the implementation of an applicable set of controls. The controls are selected through the chosen risk management process and managed using an ISMS (Information Security Management System). The ISMS includes policies, processes, procedures, organizational structures, software and hardware to protect the identified information assets. - According to ISO 27000:2012 ISMS Vocabulary Document About IS Policy Vs ISMS Policy IS Policy is the responsibility of the Board / Senior Management. ISMS Policy is the responsibility of Executive Management. The board delegate IS responsibilities to the Management, which are achieved effective through establishing, operating, monitoring, reviewing, maintaining and improving the ISMS. - Explained in the PECB ISO 27001 Lead Implementer Course Material

Empfohlen

Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSPÂź
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
AvniJain836319
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 

Empfohlen

Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSPÂź
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
AvniJain836319
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
Gaffri Johnson
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
Vigilant Software
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
PECB
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
Ralf Braga
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħùr Ãùlùm
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
tschraider
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review Course
Desmond Devendran
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02
Waqas Ahmad
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
PECB
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
tschraider
 

Was ist angesagt? (20)

ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 

Ähnlich wie Iso 27001 2013 Standard Requirements

Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02
Waqas Ahmad
 
ISO27k ISMS implementation and certification process overview v2.pptx
ISO27k ISMS implementation and certification process overview v2.pptxISO27k ISMS implementation and certification process overview v2.pptx
ISO27k ISMS implementation and certification process overview v2.pptx
Napoleon NV
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
Tammy Clark
 

Ähnlich wie Iso 27001 2013 Standard Requirements (20)

Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review Course
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
Auditing Information Security Management System Using ISO 27001 2013
Auditing Information Security Management System Using ISO 27001 2013Auditing Information Security Management System Using ISO 27001 2013
Auditing Information Security Management System Using ISO 27001 2013
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
 
ISO27k ISMS implementation and certification process overview v2.pptx
ISO27k ISMS implementation and certification process overview v2.pptxISO27k ISMS implementation and certification process overview v2.pptx
ISO27k ISMS implementation and certification process overview v2.pptx
 
ISO Implementation Roadmap- By Motaharul Islam
ISO Implementation Roadmap- By Motaharul IslamISO Implementation Roadmap- By Motaharul Islam
ISO Implementation Roadmap- By Motaharul Islam
 
Isms
IsmsIsms
Isms
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
 
ISO 9000 & ISO 14000: pptx..............
ISO 9000 & ISO 14000: pptx..............ISO 9000 & ISO 14000: pptx..............
ISO 9000 & ISO 14000: pptx..............
 
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
 
ISO 9001:2015 Introduction & Awareness Training
ISO 9001:2015 Introduction & Awareness Training ISO 9001:2015 Introduction & Awareness Training
ISO 9001:2015 Introduction & Awareness Training
 
ISO 45001 audit tool
ISO 45001 audit toolISO 45001 audit tool
ISO 45001 audit tool
 
Upload iso 9001 2015 presentation
Upload iso 9001 2015 presentationUpload iso 9001 2015 presentation
Upload iso 9001 2015 presentation
 
Process Audit and ISO
Process Audit and ISOProcess Audit and ISO
Process Audit and ISO
 
Auditing Standard and Practice
Auditing Standard and Practice Auditing Standard and Practice
Auditing Standard and Practice
 
Activities of the International Auditing & Assurance Standards Board
Activities of the International Auditing & Assurance Standards Board Activities of the International Auditing & Assurance Standards Board
Activities of the International Auditing & Assurance Standards Board
 
ISO 9000 & ISO 14000
ISO 9000 & ISO 14000ISO 9000 & ISO 14000
ISO 9000 & ISO 14000
 

KĂŒrzlich hochgeladen

Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
lizamodels9
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
dlhescort
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
dlhescort
 
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
lizamodels9
 

KĂŒrzlich hochgeladen (20)

Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book NowđŸ“±7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961äč‚3876
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❀8448577510 âŠčBest Escorts Service In 24/7 Delh...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 

Iso 27001 2013 Standard Requirements

  • 1. ISO 27001: 2013 Standard Documentation, Implementation and Audit Requirements classified Clause Description Documentation Requirements Implementation Requirements Audit Requirements 4 Context of the organization 4.1 Understanding the organization and its context ‘About the Organization’ in the IS Policy document Understand the organization, its nature of business and defining it in the IS Policy document. Review the IS Policy document 4.2 Understanding the needs and expectations of interested parties ‘Target Audience’ in the IS Policy document Brainstorming with Management and including it in the IS Policy document. Review the IS Policy document 4.3 Determining the scope of the ISMS ‘ISMS Scope’ in the IS Policy document Brainstorming with Management and including it in the IS Policy document. Review the IS Policy document 4.4 ISMS The IS Policy document  Establishment of IS  Appointment of IS Manager  Conducting IS Trainings and Awareness  Defining RACI Review the IS Policy document
  • 2. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 5 Leadership 5.1 Leadership and commitment ISMS budget allocations, Assignment of competent IS Manager and required staff  Approval of the IS Policy  Allocation of funds  Appointment of IS Manager and other IS roles  Review and approval of ISMS changes  Review of ISMS performance  Check for ISMS head in budget  Identify IS Manager  Board approval for ISMS implementation activities 5.2 Policy IS Policy Development of the IS Policy Review the IS Policy document 5.3 Organizational roles, responsibilities and authorities  Appointment of IS Manager and required staff  Defining ISMS reporting structure  Defining RACI  IS responsibilities in Employee JD  Appointment of IS Manager and required competent staff  Development of ISMS reporting line  Development of RACI  Defining employee common IS responsibilities  Identify IS Manager  Review ISMS reporting structure  Review ISMS RACI  Review Employment documents
  • 3. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 6 Planning 6.1 Actions to address risks and opportunities - - - 6.1.1 General ISMS Risk Management Methodology Defining and documenting ISMS Risk Management Methodology Review ISMS Risk Management Methodology 6.1.2 IS Risk Assessment  Define Risk Assessment Process  List of Risk Owners Develop and document Risk Assessment Process including defining risk acceptance criteria, identifying risk owners Review Risk Assessment Process 6.1.3 IS Risk Treatment Define Risk Treatment Process and SoA Develop and document Risk Treatment Process including development of SoA Review Risk Treatment Process 6.2 IS Objectives and planning to achieve them Objectives in the IS Policy document Defining IS objectives of relevant functions and levels of the organization Review IS Policy
  • 4. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 7 Support 7.1 Resources  Appointment of required ISMS staff  Allocation of budget  Conducting Management Reviews Appointment of IS Manager, IS training and awareness  Identify ISMS Staff  Review ISMS staff responsibilities 7.2 Competence  IS Manager Job Description  IS Staff qualifications and experience  Appointment of competent IS Manager and required staff  Review IS Manager and staff qualifications 7.3 Awareness IS Training and Awareness activities (training materials, schedules, assessments, appreciations)  Conducting staff IS Training and awareness activities Review staff IS Training and Awareness activities 7.4 Communication List of ISMS Interested Parties, and Communication Plan  Identify and list ISMS Interested parties  Gather communication requirements and develop a plan Review list of interested parties and ISMS Communications Plan 7.5 Documented Information - - -
  • 5. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 7.5.1 General All documents identified as necessary by the ISO and Organization 7.5.2 Creating and Updating  ISMS Documentation Process  Revision/Document History to be included in all ISMS documentation  Document distribution List Define ISMS Documentation process  Review ISMS Documentation process  Check for Revision/Docume nt History in ISMS documentation 7.5.3 Control of documented information  List of all ISMS related Documents (policies, processes, procedures) and Records (Decisions, Change Records, Communications, Reports, Alerts, Logs)  Data Labeling process (distribution and access)  Data Retention & Archival process  Adding Revision/Document History for all ISMS documents (Labeling, Version control, list of changes)  Identification and gathering of all ISMS related documents and records  Defining controls for developing and maintaining documented information – including Revision/Document History, labeling, distribution, access, versioning and changes  Review of ISMS Documents and Records  Review documents labeling, distribution, version and change details
  • 6. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 8 Operation 8.1 Operational planning and control  Documents related to the IS operational plans, processes, procedures, actions implemented  ISMS Change Register  IS Communications, logs and reports  Third party security reports Identification of ISMS Operational plans and control activities Review ISMS operations and control activities 8.2 IS Risk Assessment Risk Assessment Reports Conducting Risk Assessment Review of periodic IS Risk Assessment reports 8.3 IS Risk Treatment Risk Treatment plans, actions and results Implementing Risk Treatment activities Review of IS Risk Treatment plans, actions and results 9 Performance Evaluation
  • 7. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 9.1 Monitoring, measurement, analysis and evaluation Documents, logs, periodic reports on IS Risks, Incidents and Changes  Identifying various IS Metrics to be monitored and measured.  Assigning monitoring responsibilities to the competent staff Review reports on various ISMS metrics, and measurements 9.2 Internal Audit Periodic Internal Audit Reports Defining Internal Audit Plans and procedures (including defining Audit Criteria (ISO 27001), conducting Internal Audits periodically and reporting to Management) Review Internal Audit reports and results 9.3 Management Review MR Meeting minutes/decision related to ISMS.  Ensuring Management reviews ISMS performance periodically  Management conducting periodic reviews on ISMS performance, status of previous issues, risk assessments reports, Audits, NCs, Corrective actions, and feedback)  Review ISMS performance reviews  Review results of MRs (Corrective actions) 10 Improvement
  • 8. Clause Description Documentation Requirements Implementation Requirements Audit Requirements 10.1 Nonconformity and corrective action ISO 27001 ISMS NC Register along with corrective action details.  Developing and maintaining an NC Register  Defining procedures for ISMS NC corrective actions Review ISO ISMS NC Register and status of corrective actions and its results. 10.2 Continual improvement Periodic Risk Assessments reports, Audit reports, MRs and feedbacks.  Defining processes for deriving ISMS improvements through periodic risk assessments, internal and external audits, periodic MRs and interested parties feedback  Adding improvements to the ISMS policies, processes and procedures Review ISMS continual improvement on the basis of risk assessments, pervious audits reports, MRs and feedback.
  • 9. The ISO 27001:2013 standard does not require the organizations to prepare a separate ISMS policy explicitly. However, the organizations can prepare it if they want. The organizations already having both IS Policy and ISMS Policy can continue or merge into one single IS Policy document with minor changes. About IS vs ISMS Information security (IS) is achieved through the implementation of an applicable set of controls. The controls are selected through the chosen risk management process and managed using an ISMS (Information Security Management System). The ISMS includes policies, processes, procedures, organizational structures, software and hardware to protect the identified information assets. - According to ISO 27000:2012 ISMS Vocabulary Document About IS Policy Vs ISMS Policy IS Policy is the responsibility of the Board / Senior Management. ISMS Policy is the responsibility of Executive Management. The board delegate IS responsibilities to the Management, which are achieved effective through establishing, operating, monitoring, reviewing, maintaining and improving the ISMS. - Explained in the PECB ISO 27001 Lead Implementer Course Material