All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

ISO 27001 Clause 7.1: Resources

Read the requirements of ISO 27001 Clause 7.1: Resources, which provides information about the resources and types of resources required to establish, implement, maintain and continually improve the ISMS.

This clause of the standard requires the organisation to decide and allocate the correct and sufficient resources to implement and operate the ISMS. The organisation must ensure that the required resources are available for each stage of implementing the ISMS, from establishment to ongoing development.

As established in clause 5.3, the roles and responsibilities related to the ISMS should be clearly defined, and clause 7.1 specifies the need to have an adequate level of resources in place for the people in these roles to fulfil them. This includes the following types of resources:

  1. People: Are there enough members of staff in place to fulfil the roles and responsibilities required?
  1. Time: Do staff have enough hours set aside to realistically work on establishing, implementing, maintaining and continually improving their par of the ISMS?
  1. Skill: Does the workforce have the requisite knowledge and skills required? Is there a training need to bridge any particular gaps?
  1. Software and hardware: Are the relevant software and hardware solutions in place?

These are some of the key considerations that senior leadership should take into account when assessing the resources available to them to establish, implement, maintain and continually improve the ISMS.