Workflow Templates: ISO/IEC 27001 Compliance Checklist

Information Security Policies

Review and establish the scope of the information security management system (ISMS).

Develop, approve, and publish information security policies that align with ISO/IEC 27001 requirements.

Ensure policies are communicated to all employees and relevant external parties.

Organization of Information Security

Define roles and responsibilities for information security management.

Establish a framework for risk assessment and risk treatment.

Implement a process for information security incident management.

Human Resource Security

Screen employees and contractors prior to employment to ensure they meet all security requirements.

Ensure all employees and contractors are aware of and fulfill their information security responsibilities.

Formalize a disciplinary process for security breaches.

Asset Management

Identify and classify information assets to apply appropriate protection.

Define appropriate handling requirements for different types of information assets.

Implement a procedure for the return of assets upon employee termination or change of role.

Access Control

Establish a user registration and de-registration process.

Implement a user access provisioning system.

Control the allocation of privileged access rights.

Cryptography

Determine the requirements for cryptography based on the data protection needs.

Implement strong encryption methods for protecting sensitive information during transmission and at rest.

Manage cryptographic keys throughout their lifecycle.

Physical and Environmental Security

Secure areas to prevent unauthorized physical access, damage, and interference to the organization's information and information processing facilities.

Protect against environmental hazards such as fire, flood, and other disasters.

Manage the secure disposal or reuse of equipment.

Operations Security

Establish and maintain documented operating procedures for information processing and management.

Ensure the protection from malware and monitor its effectiveness.

Implement a process to manage technical vulnerabilities.

Communications Security

Implement network security controls to protect information in networks.

Segregate networks where necessary and control network services.

Manage information transfer policies and procedures.

System Acquisition, Development and Maintenance

Ensure security is integrated into information systems acquisition, development, and maintenance.

Protect applications from threats and vulnerabilities during development.

Manage the security of information systems used for processing or accessing information.

Supplier Relationships

Implement a process to identify and assess the risks associated with suppliers and third-party service providers.

Include information security clauses in contracts with suppliers.

Monitor, review, and audit supplier service delivery.

Information Security Incident Management

Establish an incident response and management procedure.

Report information security events and weaknesses consistently and promptly.

Test and review the incident management process regularly.

Information Security Aspects of Business Continuity Management

Establish and maintain a documented business continuity management process.

Conduct business impact analysis to identify critical business processes and the impact of potential threats.

Develop and implement plans for business continuity and the recovery of information security.

Compliance

Identify relevant legislative, regulatory, and contractual requirements.

Ensure that information security policies and procedures are in compliance with these requirements.

Perform regular information security reviews, audits, and conduct compliance checks.

Template Library Home

ISO/IEC 27001 Compliance Checklist

Information Security Policies

Organization of Information Security

Human Resource Security

Asset Management

Access Control

Cryptography

Physical and Environmental Security

Operations Security

Communications Security

System Acquisition, Development and Maintenance

Supplier Relationships

Information Security Incident Management

Information Security Aspects of Business Continuity Management

Compliance

Use this template in Manifestly

Template Library Home

ISO/IEC 27001 Compliance Checklist

Information Security Policies

Organization of Information Security

Human Resource Security

Asset Management

Access Control

Cryptography

Physical and Environmental Security

Operations Security

Communications Security

System Acquisition, Development and Maintenance

Supplier Relationships

Information Security Incident Management

Information Security Aspects of Business Continuity Management

Compliance

Use this template in Manifestly

Ready to take control of your recurring tasks?