CHAPTER 4: MANAGEMENT FRAMEWORK

ISO 27001 is a specification for an information security management system. Unsurprisingly, therefore, it sets out requirements for a management framework. The fourth step in the ISMS implementation is to create this management framework.

Clause 4 of ISO 27001 says the organisation must identify the needs and expectations of interested parties, as well as the internal context of the organisation, and that these should be taken into account in establishing the scope of the ISMS.

You started to identify these requirements when creating your project risk register, so you should revisit this information and build on it. The external context will include the business and risk environment, what’s going on in your sector, ...

Get Nine Steps to Success: An ISO27001:2013 implementation overview now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.