1. ISO 27001 comprises 114 security controls categorized into different functions.
These controls are arranged across numerous clauses that define specific
requirements for an Information Security Management System (ISMS).
4. An organization may select the controls that apply to it based on its risk
profile. However, it is required to document a valid reason why some controls don't
apply to the organization.
S. No.   Clause No.   Function
a.       4            Organization
b.       5            Leadership
c.       6            Planning
d.       7            Support
e.       8            Operation
f.       9            Performance Evaluation
g.       10           Improvement
7. Management's role is also critical here. The entire process of ISO 27001
implementation therefore rests equally on management review and approval of policies
and procedures at every decisive step.