Template: ISO 27001:2023 Mapping of Requirements to Documents

Template Download

This is a free template, provided by OpenRegulatory.

If you are a user of Formwork, our eQMS software, you can save a lot of time by choosing “QMS” on the top menu and “OpenRegulatory Templates” on the left menu, and then opening the relevant folder to find this template ready to load into Formwork.

If, for some mysterious reason, you’re using a different QMS Software, you can also simply download this template – specifically, as Word (.docx), PDF, Google Docs or Markdown file. Scroll down for a preview!

The template license applies (don’t remove the copyright at the bottom, don’t re-use this for commercial purposes).

Talk To A Human?

We also offer consulting if you need a more hands-on approach. We’ve helped 150+ Healthcare companies. Take a look!

Template preview

This table maps all requirements of the ISO 27001:2023 (by section) to the relevant documents (here: OpenRegulatory templates).

Note that the document names in the “Fulfilled in Document” column are based on the OpenRegulatory templates. You’ll probably have a different system for assigning document names, so feel free to rename them.

SectionTitleFulfilled in Document
4.1Understanding the organization and its context
4.2Understanding the needs and expectations of interested parties
4.3Determining the scope of the information security management systemInformation Security Policy And Scope
4.4Information security management systemInformation Security Policy And Scope
5.1Leadership and commitmentInformation Security Policy And Scope
5.2PolicyInformation Security Policy And Scope
5.3Organizational roles, responsibilities and authoritiesInformation Security Policy And Scope
6.1.1Actions to address risks and opportunities – GeneralSOP Information Security Risk Assessment
6.1.2Information security risk assessmentSOP Information Security Risk Assessment
6.1.3Information security risk treatmentSOP Information Security Risk Assessment, Information Security Controls
6.2Information security objectives and planning to achieve them
6.3Planning of changes
7.1Support – Resources
7.5.1Document information – General
7.5.2Creating and updating
7.5.3Control of documented information
8.1Operation – Operational planning and control
8.2Information security risk assessment
8.3Information security risk treatment
9.1Performance evaluation – Monitoring, measurement, analysis and evaluation
9.2.1Internal audit – General
9.2.2Internal audit programme
9.3.1Management review – General
9.3.2Management review inputs
9.3.3Management review results
10.1Improvement – Continual improvement
10.2Nonconformity and corrective action
Annex AInformation security controls referencesInformation Security Controls

Template Copyright openregulatory.com. See template license.

Please don’t remove this notice even if you’ve modified contents of this template.

Template preview


Leave the first comment