Chapter 4: Management framework

ISO 27001 is a specification for an information security management system, so unsurprisingly, it sets out requirements for a management framework. The fourth step in the ISMS implementation is to create that framework.

Clause 4 of ISO 27001 says the organisation must understand the needs and expectations of interested parties, as well as the internal context of the organisation, and that these should be considered when establishing the scope of the ISMS.

You should have started to identify these requirements when creating your project risk register, so you can use this opportunity to revisit and build upon that information. The external context will include the business and risk environment, what’s going on in ...

Get Nine Steps to Success - An ISO 27001:2022 Implementation Overview now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nine Steps to Success - An ISO 27001:2022 Implementation Overview by Alan Calder

CHAPTER 4: MANAGEMENT FRAMEWORK

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly