4.1 Understanding the organization and its context
1) Understanding the organization and its context.
2) Understanding the needs and expectations of interested parties.
3) Determining the scope of the ISMS.
4) ISMS risk assessment.
5) ISMS risk treatment.
6) Monitoring and reviewing the ISMS.
1) Leadership and commitment.
2) Policy.
3) Organizational roles, responsibilities and authorities.
4) Human resources.
5) Communication.
6) Documented information.
7) Control of documents.
8) Control of records.
1) Risk assessment.
2) Risk treatment.
3) Statement of Applicability (SoA).
4) Implementation of controls.
5) Information security objectives and planning to achieve them.
6) Resources, roles, responsibilities, and authorities.
7) Awareness and training.
8) Communication.
9) Documentation.
10) Operational planning and control.
1) Performance evaluation.
2) Internal audit.
3) Management review.
4) Monitoring and measurement.
5) Evaluation of compliance.
6) Internal ISMS audit programme.
7) Management of ISMS audit programme.
8) ISMS audit process.
9) ISMS audit reporting.
1) Continual improvement.
2) Nonconformity and corrective action.
3) Preventive action.
4) Control of records.
5) Internal audit.
6) Management review.
7) Monitoring and measurement.
8) Corrective and preventive actions.
1) Information security policy.
2) Management direction for information security.
3) Scope of the information security policy.
4) Information security objectives.
5) Commitment to legal and regulatory requirements.
6) Risk assessment and management.
7) Acceptable use of assets.
8) Roles and responsibilities.
9) Awareness, training, and education.
10) Reporting of security incidents.
11) Monitoring and review.