CHAPTER 2: IMPLEMENTING AND AUDITING ISMS CONTROL OBJECTIVES AND CONTROLS

In this section, each of the control objectives and control requirements in ISO/IEC 27001, Annex A, is discussed from both the implementation and the auditing viewpoint, taking into account the implementation advice given for each control in ISO/IEC 27002, the code of practice for information security management. The complete control objectives from ISO/IEC 27002 are included in this document to clarify the requirements.

Readers are encouraged to read both the implementing and auditing sections to obtain a clear view of what is required and how it might be tested.

2.1 Information security policies (ISO/IEC 27001, A.5)

2.1.1 Management direction for information security (ISO/IEC 27001, ...
