Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first

ISO 27001 Clause 8.1: Operational Planning and Control

Read the requirements of ISO 27001 Clause 8.1: Operational Planning and Control

The organisation is now in the implementation stage. The purpose of this section is to plan, implement and control processes needed to meet requirements. Your organisation must implement the actions determined in clause 6 by establishing criteria for the processes and implementing control of the processes in accordance with the criteria.

The organisation must keep documented evidence in the form of records to have confidence that the process was implemented according to the plans to satisfy the ISMS objectives.

The organisation must monitor planned changes in the ISMS as well as understanding the impact of unplanned changes so that their adverse effects can be contained if necessary. While implementing the plans within the organisation, the organisation must ensure that externally provided
processes, products or services that are relevant to the information security management system are controlled.