The following table maps each section of ISO 27001:2023 to the documents that fulfill its requirements.

| Section | Title | Fulfilled in Document |
|---|---|---|
| 4.1 | Understanding the organization and its context | |
| 4.2 | Understanding the needs and expectations of interested parties | |
| 4.3 | Determining the scope of the information security management system | Information Security Policy And Scope |
| 4.4 | Information security management system | Information Security Policy And Scope |
| 5.1 | Leadership and commitment | Information Security Policy And Scope |
| 5.2 | Policy | Information Security Policy And Scope |
| 5.3 | Organizational roles, responsibilities and authorities | Information Security Policy And Scope |
| 6.1.1 | Actions to address risks and opportunities – General | SOP Information Security Risk Assessment |
| 6.1.2 | Information security risk assessment | SOP Information Security Risk Assessment |
| 6.1.3 | Information security risk treatment | SOP Information Security Risk Assessment, Information Security Controls |
| 6.2 | Information security objectives and planning to achieve them | |
| 6.3 | Planning of changes | |
| 7.1 | Support – Resources | |
| 7.2 | Competence | |
| 7.3 | Awareness | |
| 7.4 | Communication | |
| 7.5.1 | Documented information – General | |
| 7.5.2 | Creating and updating | |
| 7.5.3 | Control of documented information | |
| 8.1 | Operation – Operational planning and control | |
| 8.2 | Information security risk assessment | |
| 8.3 | Information security risk treatment | |
| 9.1 | Performance evaluation – Monitoring, measurement, analysis and evaluation | |
| 9.2.1 | Internal audit – General | |
| 9.2.2 | Internal audit programme | |
| 9.3.1 | Management review – General | |
| 9.3.2 | Management review inputs | |
| 9.3.3 | Management review results | |
| 10.1 | Improvement – Continual improvement | |
| 10.2 | Nonconformity and corrective action | |
| Annex A | Information security controls references | Information Security Controls |