UnixTime

Research Note

ISO 27001 Requirements to Implementation and Audit Map

This map keeps the ISO/IEC 27001 requirement view separate from the implementer and auditor views.

On this page

Purpose

How to use this page

Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.

This map keeps the ISO/IEC 27001 requirement view separate from the implementer and auditor views.

Map

ISO 27001 area Requirement view Implementer view Auditor view Risk view
Context Define organization, interested parties, scope Build scope statement and requirements register Verify scope is justified and reflected in operation Establish risk context
Leadership Demonstrate commitment, policy, roles Assign ownership and approve policy Verify accountability and management involvement Assign risk/control ownership
Planning Address risks/opportunities, objectives, treatment Define risk method, risk register, SoA, objectives Verify risk method, treatment, and SoA consistency Identify, analyze, evaluate, treat risk
Support Provide resources, competence, awareness, communication, documented information Build competence, awareness, communication, document control Verify records and awareness Communicate and document risk
Operation Plan and control ISMS processes and risk work Operate risk assessment/treatment and controls Verify operation records and changes Operate the risk process
Performance evaluation Monitor, measure, audit, review Define metrics, internal audit, management review Verify audit and review effectiveness Monitor and review risk
Improvement Handle nonconformity and continual improvement Run corrective action and lessons learned Verify correction and effectiveness Feed risk reassessment
Annex A Reference controls for risk treatment Implement selected controls Test control design and operation Risk treatment library
  • Iso27001
  • Mapping
  • Implementer guide
  • Auditor guide

Note Metadata

Aliases: ISO 27001 Requirement Map

Source: 10 ISO 27001 Knowledge Base/ISO 27001 Requirements to Implementation and Audit Map.md