Purpose
How to use this page
Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.
This is the ISO/IEC 27001 section of the vault. It answers:
What is required for the ISMS?
ISO/IEC 27001 is the requirements standard. It defines the management-system requirements, the risk-based control selection requirement, and Annex A as the control reference set. It is the certifiable standard in this knowledge base.
Core relationship
| Standard | Role in the KB |
|---|---|
| ISO 27001 Knowledge Base MOC | Requirements and certification logic |
| ISO 27002 Knowledge Base MOC | Annex A control interpretation and implementation guidance |
| ISO 27005 Knowledge Base MOC | Information security risk-management logic |
| ISO 27001 Implementer Guide MOC | How to build the ISMS |
| ISO 27001 Auditor Guide MOC | How to verify the ISMS |
ISO 27001 source notes
- Information Security Management System
- Field of Application, Usage, and Compliance
- ISO 27001 Clauses 4-10 vs Annex A
- Annex A and the Statement of Applicability
- Statement of Applicability
- Risk Assessment
- Internal Audit
- Management Review
Annex A controls
Implementation and audit views
- ISO 27001 Requirements to Implementation and Audit Map
- ISO 27001 Implementer Guide MOC
- ISO 27001 Auditor Guide MOC
- ISO 27001 Implementer Auditor ISO 27005 Mapping
Exam cues
- Clauses 4-10 are mandatory management-system requirements.
- Annex A controls are selected based on risk assessment, risk treatment, and the Statement of Applicability.
- ISO/IEC 27002 explains control guidance; it is not the certifiable requirements standard.
- ISO/IEC 27005 supports risk management; it does not replace ISO/IEC 27001 requirements.
Research basis
ISO describes ISO/IEC 27001 as the standard for information security management systems and notes that it helps organizations manage information security risks through people, policies, and technology.
External references
- Iso27001
- Knowledge base
- Moc
Note Metadata
Aliases: ISO27001 KB, ISO 27001 KB
Source: 10 ISO 27001 Knowledge Base/ISO 27001 Knowledge Base MOC.md
Related Notes
- ISO27001 ISMS KB - Start Here
- Annex A and the Statement of Applicability
- Field of Application, Usage, and Compliance
- Information Security Management System
- Internal Audit
- ISO 27001 Clauses 4-10 vs Annex A
- Management Review
- Risk Assessment
- Statement of Applicability
- ISO 27001 Clause 10 - Improvement
- ISO 27001 Clause 4 - Context of the Organization
- ISO 27001 Clause 5 - Leadership
- ISO 27001 Clause 6 - Planning
- ISO 27001 Clause 7 - Support
- ISO 27001 Clause 8 - Operation
- ISO 27001 Clause 9 - Performance Evaluation
- A.5 Organizational Controls MOC
- ISO 27001 Implementer Guide
- ISO 27001 Auditor Guide
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- ISO 27001 Requirements to Implementation and Audit Map
- ISO 27002 Knowledge Base
- ISO 27005 Knowledge Base
- Template Clause Note
- Template Control Card
- Annex A Controls MOC
- ISO 27001 Overview
- Templates MOC