All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base DORA Knowledge Base
Company Security and customers first
About News Partners Contact

ISO 27001 Clause 8

Learn about the requirements for ISO 27001 Clause 8, which covers operational planning and control, as well as risk assessment and risk treatment, as laid out in clause 6.1.3.

Clause 8 consists of the following sub-clauses:

ISO 27001 Clause 8.1

Clause 8.1 covers operational planning and control, implementing actions previously determined in clause 6. If organisations have already attained clauses 6.1, 6.2 and 7.5, then clause 8.1 should be automatically covered.

ISO 27001 Clause 8.2

Clause 8.2 concerns risk assessment, which should be an ongoing part of the ISMS process. Like its predecessor, this clause should already be complete if a previous clause, this time 6.1.2, has already been attained.

ISO 27001 Clause 8.3

Clause 8.3 reiterates the information security risk treatment covered by clause 6.1.3, as well as stating the need for documenting all risk treatment process results.