ISO 27001 checklist

Anonymous User

This checklist can be used to assess the readiness of the organization for ISO 27001 certification. It helps discover process gaps and review your organization's ISMS against the ISO 27001:2013 standard.


4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the information security management system
4.4 Information security management system
5.1 Leadership and commitment
Management shall provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS by:
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
6.1 Actions to address risks and opportunities
6.1.1 General
6.1.2 Information security risk assessment
The organization shall define and apply an information security risk assessment process that:
6.1.3 Information security risk treatment
The organization shall define and apply an information security risk treatment process to:
6.2 Information security objectives and plans to achieve them
7.1 Resources
7.2 Competence
The organization shall:
7.3 Awareness
Persons doing work under the organization’s control shall be aware of:
7.4 Communication
The organization shall determine the need for internal and external communications relevant to the information security management system including:
7.5 Documented information
7.5.1 General
The organization’s information security management system shall include:
7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
7.5.3 Control of documented information
Documented information required by the information security management system and by this International Standard shall be controlled to ensure:
For the control of documented information, the organization shall address the following activities, as applicable:
8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9.1 Monitoring, measurement, analysis and evaluation
The organization shall determine:
9.2 Internal audit
9.3 Management review
The management review shall include consideration of:
10.1 Nonconformity and corrective action
When a nonconformity occurs, the organization shall:
The organization shall retain documented information as evidence of:
10.2 Continual improvement



© 2021 DataScope