CHAPTER 2: IMPLEMENTING AND AUDITING ISMS CONTROL OBJECTIVES AND CONTROLS

In this section, each of the control objectives and control requirements in ISO/IEC 27001, Annex A are discussed from implementation and auditing viewpoints, taking into account the implementation advice given for each control in ISO/IEC 27002, the code of practice for information security management. The complete control objectives from ISO/IEC 27002 are included in this document to clarify the requirements.

Readers are encouraged to read both the implementing and auditing sections to obtain a clear view of what is required and how it might be tested.

2.1 Information security policies (ISO/IEC 27001, A.5)

2.1.1 Management direction for information security (ISO/IEC 27001, ...