{"id":93,"date":"2017-11-04T09:27:26","date_gmt":"2017-11-04T14:27:26","guid":{"rendered":"https:\/\/staging.itgonline.com\/consulting\/?page_id=93"},"modified":"2019-11-27T10:26:04","modified_gmt":"2019-11-27T15:26:04","slug":"iso-27001-controls-sections-objectives","status":"publish","type":"page","link":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/","title":{"rendered":"ISO\/IEC 27001 Requirements"},"content":{"rendered":"\n\n\n<p class=\"has-text-color has-large-font-size has-theme-blue-color\">ISO 27001 Requirements and Controls<\/p>\n\n\n\n<p>ISO\/IEC 27001 (the 2013 edition described here) is organized into <strong>ten numbered clauses<\/strong>. Clauses 1 to 3 are introductory; <strong>clauses 4 to 10 contain the mandatory requirements<\/strong> that an organization must implement and that a certification audit examines. <strong>Annex A<\/strong> lists the reference control objectives and controls that every organization must compare against its own risk treatment:<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Clause<\/strong><\/th><th><strong>Expectations<\/strong><\/th><\/tr><\/thead><tbody><tr><td>1-3 <strong>Scope, Normative References, Terms and Definitions<\/strong><\/td><td>Introductory material; no auditable requirements<\/td><\/tr><tr><td>4 <strong>Context of the Organization<\/strong><\/td><td>Understanding the organization, its interested parties and their needs and expectations<br>Determining the scope of the Information Security Management System (ISMS)<\/td><\/tr><tr><td>5 <strong>Leadership<\/strong><\/td><td>Leadership commitment<br>Information security policy<br>Roles, responsibilities and authorities<\/td><\/tr><tr><td>6 <strong>Planning<\/strong><\/td><td>Risk assessment process<br>Risk treatment plan and Statement of Applicability<br>Information security objectives and plans to achieve them<\/td><\/tr><tr><td>7 <strong>Support<\/strong><\/td><td>Resources<br>Competence and training<br>Awareness<br>Communication<br>Documented information<\/td><\/tr><tr><td>8 <strong>Operation<\/strong><\/td><td>Operational planning and control<br>Performing the risk assessment<br>Implementing the risk treatment plan<\/td><\/tr><tr><td>9 <strong>Performance Evaluation<\/strong><\/td><td>Monitoring, measurement, analysis and evaluation<br>Internal audit<br>Management review<\/td><\/tr><tr><td>10 <strong>Improvement<\/strong><\/td><td>Nonconformity and corrective action<br>Continual improvement<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Clauses 4 to 10 constitute the <strong>management system requirements<\/strong>. None of them may be excluded by an organization claiming conformity; together they define how an information security management system must be planned, operated, measured and improved so that it produces repeatable, auditable results.<\/p>\n\n\n\n<p>Based on its operations, services and the risk level of its sector, each organization selects controls from Annex A (and from other sources where needed) to bring identified risks to an acceptable level. The controls are intended to reduce the likelihood or impact of a harmful information security incident. Every Annex A control must be recorded in the Statement of Applicability as either applied or justifiably excluded.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ISO 27001 Annex A Control Objectives and Controls<\/h2>\n\n\n\n<p>The <strong>Annex A control objectives and controls<\/strong> are applied to the risks the organization has identified in order to protect its information assets. Together with the clause 4 to 10 processes, they define how information security is managed, which steps are taken, and which outcomes are intended.<\/p>\n\n\n\n<p>In many cases an organization will already have <strong>invested time and resources in controls that satisfy specific requirements<\/strong>: for example, firewalls that protect its networks, background checks for new employees, or access profiles on existing systems that restrict information to those who \u201cneed to know\u201d.<\/p>\n\n\n\n<p>Because many organizations begin implementation to meet customer demands, the most <strong>pragmatic way to approach ISO\/IEC 27001 is a gap assessment of the current system<\/strong> against each mandatory clause and each Annex A control. Annex A contains 14 control domains, 35 control objectives and 114 controls, grouped as follows:<\/p>\n\n\n\n<p>A.5 \u2013 <strong>Information security policies<\/strong><\/p>\n\n\n\n<p>A.6 \u2013 <strong>Organization of information security<\/strong><\/p>\n\n\n\n<p>A.7 \u2013 <strong>Human resource security<\/strong><\/p>\n\n\n\n<p>A.8 \u2013 <strong>Asset management<\/strong><\/p>\n\n\n\n<p>A.9 \u2013 <strong>Access control<\/strong><\/p>\n\n\n\n<p>A.10 \u2013 <strong>Cryptography<\/strong><\/p>\n\n\n\n<p>A.11 \u2013 <strong>Physical and environmental security<\/strong><\/p>\n\n\n\n<p>A.12 \u2013 <strong>Operations security<\/strong><\/p>\n\n\n\n<p>A.13 \u2013 <strong>Communications security<\/strong><\/p>\n\n\n\n<p>A.14 \u2013 <strong>System acquisition, development and maintenance<\/strong><\/p>\n\n\n\n<p>A.15 \u2013 <strong>Supplier relationships<\/strong><\/p>\n\n\n\n<p>A.16 \u2013 <strong>Information security incident management<\/strong><\/p>\n\n\n\n<p>A.17 \u2013 <strong>Information security aspects of business continuity management<\/strong><\/p>\n\n\n\n<p>A.18 \u2013 <strong>Compliance<\/strong><\/p>\n\n\n\n<p><strong>After implementing the ISO 27001 requirements for an information security management system<\/strong>, an organization can demonstrate conformity through ISO 27001 certification (also called registration).<\/p>\n\n\n\n<p>After documenting its processes and completing internal audits and management review, the organization engages an independent, accredited certification body to audit the ISMS and verify that the documented processes are actually followed. If the audit is successful, the organization receives a certificate that it can present to existing and potential customers as evidence of its commitment to information security. The certificate covers only the ISMS scope stated on it, and it is maintained through periodic surveillance audits and a recertification audit at the end of each certification cycle.<\/p>\n\n\n\n<p>An organization ultimately needs to understand the ISO 27001 requirements and controls and how to become ISO 27001 certified.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Looking for methods to address information security?<\/h2>\n\n\n\n<p>Learn more about how we can <strong>accelerate your ISO 27001 implementation<\/strong>. We will contact you as soon as we receive your information, and our certified ISO 27001 consultants will show you how to prepare for and achieve ISO 27001 certification and strategically support your information security goals and objectives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ISO 27001 Requirements and Controls ISO\/IEC 27001 (the 2013 edition described here) is organized into ten numbered clauses. Clauses 1 to 3 are introductory; clauses 4 to 10 contain the mandatory requirements that an organization must implement and that a certification audit examines. Annex A lists the reference control objectives and controls that every organization must compare against its own risk treatment: Clause Expectations 1-3 Scope, Normative References, Terms and Definitions Introductory material; no auditable requirements [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":87,"menu_order":20,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-93","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO\/IEC 27001 Requirements &amp; Controls - ITG Consulting Services<\/title>\n<meta name=\"description\" content=\"ISO\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this guidance\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, 
max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO\/IEC 27001 Requirements &amp; Controls - ITG Consulting Services\" \/>\n<meta property=\"og:description\" content=\"ISO\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this guidance\" \/>\n<meta property=\"og:url\" content=\"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/\" \/>\n<meta property=\"og:site_name\" content=\"ITG Consulting Services\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-27T15:26:04+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/iso-27001-controls-sections-objectives\\\/\",\"url\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/iso-27001-controls-sections-objectives\\\/\",\"name\":\"ISO\\\/IEC 27001 Requirements & Controls - ITG Consulting Services\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#website\"},\"datePublished\":\"2017-11-04T14:27:26+00:00\",\"dateModified\":\"2019-11-27T15:26:04+00:00\",\"description\":\"ISO\\\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this 
guidance\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/iso-27001-controls-sections-objectives\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/iso-27001-controls-sections-objectives\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/iso-27001-controls-sections-objectives\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO Consulting Services\",\"item\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ISO 27001 ISMS\",\"item\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/iso-consulting\\\/iso-27001-information-security-management\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"ISO\\\/IEC 27001 Requirements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#website\",\"url\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/\",\"name\":\"ITG Consulting Services\",\"description\":\"Management and Compliance Consulting 
Services\",\"publisher\":{\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#organization\",\"name\":\"Integration Technologies Group Inc\",\"url\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/wp-content\\\/uploads\\\/itg-ico.png\",\"contentUrl\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/wp-content\\\/uploads\\\/itg-ico.png\",\"width\":512,\"height\":512,\"caption\":\"Integration Technologies Group Inc\"},\"image\":{\"@id\":\"https:\\\/\\\/staging.itgonline.com\\\/consulting\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"ISO\/IEC 27001 Requirements & Controls - ITG Consulting Services","description":"ISO\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this guidance","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"ISO\/IEC 27001 Requirements & Controls - ITG Consulting Services","og_description":"ISO\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this guidance","og_url":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/","og_site_name":"ITG Consulting Services","article_modified_time":"2019-11-27T15:26:04+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/","url":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/","name":"ISO\/IEC 27001 Requirements & Controls - ITG Consulting Services","isPartOf":{"@id":"https:\/\/staging.itgonline.com\/consulting\/#website"},"datePublished":"2017-11-04T14:27:26+00:00","dateModified":"2019-11-27T15:26:04+00:00","description":"ISO\/IEC 27001 Annex A has 35 control objectives and 114 controls, including information security policies. See all sections in this guidance","breadcrumb":{"@id":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/iso-27001-controls-sections-objectives\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/staging.itgonline.com\/consulting\/"},{"@type":"ListItem","position":2,"name":"ISO Consulting Services","item":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/"},{"@type":"ListItem","position":3,"name":"ISO 27001 ISMS","item":"https:\/\/staging.itgonline.com\/consulting\/iso-consulting\/iso-27001-information-security-management\/"},{"@type":"ListItem","position":4,"name":"ISO\/IEC 27001 
Requirements"}]},{"@type":"WebSite","@id":"https:\/\/staging.itgonline.com\/consulting\/#website","url":"https:\/\/staging.itgonline.com\/consulting\/","name":"ITG Consulting Services","description":"Management and Compliance Consulting Services","publisher":{"@id":"https:\/\/staging.itgonline.com\/consulting\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/staging.itgonline.com\/consulting\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/staging.itgonline.com\/consulting\/#organization","name":"Integration Technologies Group Inc","url":"https:\/\/staging.itgonline.com\/consulting\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/staging.itgonline.com\/consulting\/#\/schema\/logo\/image\/","url":"https:\/\/staging.itgonline.com\/consulting\/wp-content\/uploads\/itg-ico.png","contentUrl":"https:\/\/staging.itgonline.com\/consulting\/wp-content\/uploads\/itg-ico.png","width":512,"height":512,"caption":"Integration Technologies Group 
Inc"},"image":{"@id":"https:\/\/staging.itgonline.com\/consulting\/#\/schema\/logo\/image\/"}}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/pages\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":11,"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/pages\/93\/revisions"}],"predecessor-version":[{"id":1282,"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/pages\/93\/revisions\/1282"}],"up":[{"embeddable":true,"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/pages\/87"}],"wp:attachment":[{"href":"https:\/\/staging.itgonline.com\/consulting\/wp-json\/wp\/v2\/media?parent=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}