ISO IEC27001
| Chapter | Assigned processes |
|---|---|
| 1 Scope | |
| 2 Normative references | |
| 3 Terms and definitions | |
| 4 Context of the organization | |
| 4.1 Understanding the organization and its context | |
| 4.2 Understanding the needs and expectations of interested parties | |
| 4.3 Determining the scope of the information security management system | |
| 4.4 Information security management system | |
| 5 Leadership | |
| 5.1 Leadership and commitment | |
| 5.2 Policy | |
| 5.3 Organizational roles, responsibilities and authorities | |
| 6 Planning | |
| 6.1 Actions to address risks and opportunities | |
| 6.2 Information security objectives and planning to achieve them | |
| 7 Support | |
| 7.1 Resources | |
| 7.2 Competence | |
| 7.3 Awareness | |
| 7.4 Communication | |
| 7.5 Documented information | |
| 8 Operation | |
| 8.1 Operational planning and control | |
| 8.2 Information security risk assessment | |
| 8.3 Information security risk treatment | |
| 9 Performance evaluation | |
| 9.1 Monitoring, measurement, analysis and evaluation | |
| 9.2 Internal audit | |
| 9.3 Management review | |
| 10 Improvement | |
| 10.1 Nonconformity and corrective action | |
| 10.2 Continual improvement |
