This table maps all requirements of ISO 27001:2023 (by section) to the relevant documents (here: OpenRegulatory templates).

Note that the document names in the “Fulfilled in Document” column are based on the OpenRegulatory templates. You’ll probably have a different system for assigning document names, so feel free to rename them.

Section | Title | Fulfilled in Document |
---|---|---|
4.1 | Understanding the organization and its context | |
4.2 | Understanding the needs and expectations of interested parties | |
4.3 | Determining the scope of the information security management system | Information Security Policy And Scope |
4.4 | Information security management system | Information Security Policy And Scope |
5.1 | Leadership and commitment | Information Security Policy And Scope |
5.2 | Policy | Information Security Policy And Scope |
5.3 | Organizational roles, responsibilities and authorities | Information Security Policy And Scope |
6.1.1 | Actions to address risks and opportunities – General | SOP Information Security Risk Assessment |
6.1.2 | Information security risk assessment | SOP Information Security Risk Assessment |
6.1.3 | Information security risk treatment | SOP Information Security Risk Assessment, Information Security Controls |
6.2 | Information security objectives and planning to achieve them | |
6.3 | Planning of changes | |
7.1 | Support – Resources | |
7.2 | Competence | |
7.3 | Awareness | |
7.4 | Communication | |
7.5.1 | Documented information – General | |
7.5.2 | Creating and updating | |
7.5.3 | Control of documented information | |
8.1 | Operation – Operational planning and control | |
8.2 | Information security risk assessment | |
8.3 | Information security risk treatment | |
9.1 | Performance evaluation – Monitoring, measurement, analysis and evaluation | |
9.2.1 | Internal audit – General | |
9.2.2 | Internal audit programme | |
9.3.1 | Management review – General | |
9.3.2 | Management review inputs | |
9.3.3 | Management review results | |
10.1 | Improvement – Continual improvement | |
10.2 | Nonconformity and corrective action | |
Annex A | Information security controls references | Information Security Controls |

Template Copyright openregulatory.com. See template license.
Please don’t remove this notice even if you’ve modified contents of this template.