ISO 27001 checklist

Template Information

This checklist can be used to assess an organization's readiness for ISO 27001 certification. It helps discover process gaps and review the organization's ISMS (information security management system) against the clauses of the ISO 27001:2013 standard.

Category: general

Template Questions

  • 4. Context of the Organization
  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the information security management system
  • 4.4 Information security management system
  • 5. Leadership
  • 5.1 Leadership and commitment
  • Management shall provide evidence of its commitment to the establishment, implementation, operation,
  • 5.2 Policy
  • 5.3 Organizational roles, responsibilities and authorities
  • 6. Planning
  • 6.1 Actions to address risks and opportunities
  • 6.1.1 General
  • 6.1.2 Information security risk assessment
  • The organization shall define and apply an information security risk assessment process that:
  • 6.1.3 Information security risk treatment
  • The organization shall define and apply an information security risk treatment process to:
  • 6.2 Information security objectives and plans to achieve them
  • 7. Support
  • 7.1 Resources
  • 7.2 Competence
  • The organization shall:
  • 7.3 Awareness
  • Persons doing work under the organization’s control shall be aware of:
  • 7.4 Communication
  • The organization shall determine the need for internal and external communications relevant to the in
  • 7.5 Documented information
  • 7.5.1 General
  • The organization’s information security management system shall include:
  • 7.5.2 Creating and updating
  • When creating and updating documented information the organization shall ensure appropriate:
  • 7.5.3 Control of documented information
  • Documented information required by the information security management system and by this Internation
  • For the control of documented information, the organization shall address the following activities, a
  • 8. Operation
  • 8.1 Operational planning and control
  • 8.2 Information security risk assessment
  • 8.3 Information security risk treatment
  • 9. Performance evaluation
  • 9.1 Monitoring, measurement, analysis and evaluation
  • The organization shall determine:
  • 9.2 Internal audit
  • 9.3 Management review
  • The management review shall include consideration of:
  • 10. Improvement
  • 10.1 Nonconformity and corrective action
  • When a nonconformity occurs, the organization shall:
  • The organization shall retain documented information as evidence of:
  • 10.2 Continual improvement
  • Comments / Recommendations
  • Name and Signature