CHAPTER 5: ORGANIZATIONAL CONTROLS (ISO/IEC 27001, A.5)

In this section, each of the control objectives and control requirements in Annex A of ISO/IEC 27001 is discussed from both implementation and auditing viewpoints, taking into account the implementation advice given for each control in ISO/IEC 27002.

Readers are encouraged to review both the implementing and auditing sections to understand what is required and how it might be tested.

5.1 Policies for information security (ISO/IEC 27001, A.5.1)

“Information security policy and topic-specific policies shall be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant ...
