ISO 27001 Clause 8

Learn about the requirements for ISO 27001 Clause 8, which covers operational planning and control, as well as risk assessment and risk treatment, as laid out in clause 6.1.3.

Clause 8 consists of the following sub-clauses:

ISO 27001 Clause 8.1

Clause 8.1 covers operational planning and control, which means implementing the actions previously determined in clause 6. If an organisation has already met clauses 6.1, 6.2 and 7.5, then clause 8.1 should be automatically covered.

ISO 27001 Clause 8.2

Clause 8.2 concerns risk assessment, which should be an ongoing part of the ISMS process. As with clause 8.1, this clause should already be complete if an earlier clause, in this case 6.1.2, has already been met.

ISO 27001 Clause 8.3

Clause 8.3 reiterates the information security risk treatment covered by clause 6.1.3, and states the need to document all results of the risk treatment process.