By Girija Togarati, ISO/IEC 27001 Lead Auditor (CISA, CCSK). Reviewed by Murty Nisthala, Director, Audit and Assessment Services (CISA, CISSP, CCSP).

This ISO 27001 requirements checklist covers what an accredited certification body expects to see in your Information Security Management System.

Management system clauses

ISO 27001 clauses 4 to 10 require you to define the ISMS context and scope, show leadership commitment, plan to address risks, provide resources and competence, operate the ISMS, monitor and audit it, and continually improve.

Core artefacts

Expect to produce an ISMS scope, an information security policy, a risk assessment and risk treatment plan, a Statement of Applicability, internal audit results and a management review.

Annex A controls

You implement the Annex A controls selected to treat your risks, across organisational, people, physical and technological themes. Evidence must show the controls operate, not just that they are documented.

Use the checklist with an expert

A checklist gets you started, but an experienced lead auditor confirms readiness and prevents costly findings. Univate runs a free gap assessment against this checklist.

Univate Solutions delivers ISO 27001 Certification in India end to end, led by an in-house ISO 27001 Lead Auditor. Book a free consultation and get a fixed quote.