UnixTime

Domain guide

What this domain covers

Practitioner guidance for turning ISO requirements into implementation plans, operating artifacts, and control ownership.

65 resources

Guide + resources

Grouped resources

Guide notes

Implementation context, reference notes, and explanatory material.

65 items
Framework note 04 mins read

A.5 Organizational Controls Implementation Guide

This note converts the covered A.5 control library into an implementer view. Use the individual control notes for detail and this guide for build sequencing.

ISO27001 ISO27002 iso27001 implementer-guide
Framework note 03 mins read

A.6 People Controls Implementation Guide

1. Identify people categories in ISMS scope: employees, contractors, temporary staff, consultants, and third-party users. 2. Map role risk using access level, information classi...

ISO27001 ISO27002 iso27001 implementer-guide
Framework note 04 mins read

A.7 Physical Controls Implementation Guide

1. Identify areas containing information and associated assets. 2. Classify zones by business process, asset sensitivity, customer/regulatory need, and risk. 3. Define perimeter...

ISO27001 ISO27002 iso27001 implementer-guide
Framework note 08 mins read

A.8 Technological Controls Implementation Guide

1. Identify systems, endpoints, users, privileged access paths, information repositories, source repositories, authentication paths, critical capacity resources, malware protect...

ISO27001 iso27001 implementer-guide technological-controls
Research note 01 min read

AQ-ISO27001-A.7.12 Cabling Security

Audit question set for ISO27001-A.7.12. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.13 Equipment Maintenance

Audit question set for ISO27001-A.7.13. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.14 Secure Disposal or Re-Use of Equipment

Audit question set for ISO27001-A.7.14. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Framework note 02 mins read

ISMS Implementation Roadmap

- Start with the business and risk context, not Annex A. - Treat Annex A as a control library, not a mandatory checklist. - Keep evidence close to the process that creates it. -...

ISO27001 iso27001 implementer-guide isms
Framework note 02 mins read

ISO 27001 Implementer Guide

This guide is the implementation view of the vault. It explains how to build and operate an ISMS using the existing ISO/IEC 27001 notes, Annex A controls, templates, evidence pa...

ISO27001 iso27001 implementer-guide isms
Research note 01 min read

AQ-ISO27001-A.7.10 Storage Media

Audit question set for ISO27001-A.7.10. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.11 Supporting Utilities

Audit question set for ISO27001-A.7.11. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.9 Security of Assets Off-Premises

Audit question set for ISO27001-A.7.9. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.8 Equipment Siting and Protection

Audit question set for ISO27001-A.7.8. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.6.1 Screening

Audit question set for ISO27001-A.6.1. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.6.2 Terms and Conditions of Employment

Audit question set for ISO27001-A.6.2. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.6.4 Disciplinary Process

Audit question set for ISO27001-A.6.4. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.6.7 Remote Working

Audit question set for ISO27001-A.6.7. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.6.8 Information Security Event Reporting

Audit question set for ISO27001-A.6.8. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.1 Physical Security Perimeters

Audit question set for ISO27001-A.7.1. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.2 Physical Entry

Audit question set for ISO27001-A.7.2. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.3 Securing Offices, Rooms and Facilities

Audit question set for ISO27001-A.7.3. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.4 Physical Security Monitoring

Audit question set for ISO27001-A.7.4. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.6 Working in Secure Areas

Audit question set for ISO27001-A.7.6. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.7.7 Clear Desk and Clear Screen

Audit question set for ISO27001-A.7.7. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.33 Protection of Records

Audit question set for ISO27001-A.5.33. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.34 Privacy and Protection of PII

Audit question set for ISO27001-A.5.34. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.37 Documented Operating Procedures

Audit question set for ISO27001-A.5.37. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.28 Collection of Evidence

Audit question set for ISO27001-A.5.28. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.29 Information Security During Disruption

Audit question set for ISO27001-A.5.29. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.30 ICT Readiness for Business Continuity

Audit question set for ISO27001-A.5.30. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.32 Intellectual Property Rights

Audit question set for ISO27001-A.5.32. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.1 Policies for Information Security

Audit question set for ISO27001-A.5.1. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.11 Return of Assets

Audit question set for ISO27001-A.5.11. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.12 Classification of Information

Audit question set for ISO27001-A.5.12. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.13 Labelling of Information

Audit question set for ISO27001-A.5.13. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.14 Information Transfer

Audit question set for ISO27001-A.5.14. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.15 Access Control

Audit question set for ISO27001-A.5.15. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.16 Identity Management

Audit question set for ISO27001-A.5.16. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.17 Authentication Information

Audit question set for ISO27001-A.5.17. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.18 Access Rights

Audit question set for ISO27001-A.5.18. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.3 Segregation of Duties

Audit question set for ISO27001-A.5.3. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.4 Management Responsibilities

Audit question set for ISO27001-A.5.4. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.5 Contact with Authorities

Audit question set for ISO27001-A.5.5. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.6 Contact with Special Interest Groups

Audit question set for ISO27001-A.5.6. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question
Research note 01 min read

AQ-ISO27001-A.5.7 Threat Intelligence

Audit question set for ISO27001-A.5.7. Use it to validate implementation, operating evidence, exceptions, review cadence, ownership, and corrective action.

ISO27001 ISO27002 audit audit-question

Deep links

Link to this domain with /research/iso27001/implementation-guides/ . Link directly to exact notes from any resource card above.