ISO27001

Chapter 4 ISO27001

Context of the organization

1) Understanding the organization and its context (4.1).
2) Understanding the needs and expectations of interested parties (4.2).
3) Determining the scope of the ISMS (4.3).
4) Information security management system: establish, implement, maintain and continually improve the ISMS (4.4).

Chapter 5 ISO27001

Leadership

1) Leadership and commitment (5.1).
2) Policy (5.2).
3) Organizational roles, responsibilities and authorities (5.3).

Chapter 6 ISO27001

Planning

1) Actions to address risks and opportunities: general (6.1.1).
2) Information security risk assessment: define and apply a repeatable process with risk acceptance criteria (6.1.2).
3) Information security risk treatment: select treatment options and controls, produce the Statement of Applicability (SoA) and the risk treatment plan (6.1.3).
4) Information security objectives and planning to achieve them (6.2).

Chapter 7 ISO27001

Support

1) Resources (7.1).
2) Competence (7.2).
3) Awareness (7.3).
4) Communication (7.4).
5) Documented information: general (7.5.1).
6) Creating and updating documented information (7.5.2).
7) Control of documented information (7.5.3).

Chapter 8 ISO27001

Operation

1) Operational planning and control (8.1).
2) Information security risk assessment, performed at planned intervals and when significant changes are proposed or occur (8.2).
3) Information security risk treatment: implement the risk treatment plan and retain documented results (8.3).

Chapter 9 ISO27001

Performance evaluation

1) Monitoring, measurement, analysis and evaluation (9.1).
2) Internal audit (9.2).
3) Management review (9.3).

Chapter 10 ISO27001

Improvement

1) Nonconformity and corrective action (10.1).
2) Continual improvement (10.2).

Annex A ISO27001

A.5 Information security policies

Objective (A.5.1, Management direction for information security): provide management direction and support for information security in line with business requirements and relevant laws and regulations.

1) Policies for information security: a set of policies is defined, approved by management, published and communicated to employees and relevant external parties (A.5.1.1).
2) Review of the policies for information security: reviewed at planned intervals or when significant changes occur, to ensure continuing suitability, adequacy and effectiveness (A.5.1.2).

Topics the policy set typically addresses (implementation guidance, not separate Annex A controls):
3) Scope of the information security policy.
4) Information security objectives.
5) Commitment to legal, regulatory and contractual requirements.
6) Risk assessment and risk management.
7) Acceptable use of assets.
8) Roles and responsibilities.
9) Awareness, training and education.
10) Reporting of security incidents.
11) Monitoring and review.