ISO 27001:2022 Requirements: Clause 7.1 Resources

This clause of the standard requires the organisation to decide and allocate the correct and sufficient resources to implement and operate the ISMS. The organisation must ensure that the required resources are available for each stage of implementing the ISMS, from establishment to ongoing development.

As established in clause 5.3, the roles and responsibilities related to the ISMS should be clearly defined, and clause 7.1 specifies the need to have an adequate level of resources in place for the people in these roles to fulfil them. This includes the following types of resources:

• People: Are there enough members of staff in place to fulfil the roles and responsibilities required?
• Time: Do staff have enough hours set aside to realistically work on establishing, implementing, maintaining and continually improving their part of the ISMS?
• Skill: Does the workforce have the requisite knowledge and skills required? Is there training needed to bridge any particular gaps?
• Software and hardware: Are the relevant software and hardware solutions in place?

These are some of the key considerations that senior leadership should take into account when assessing the resources available to them to establish, implement, maintain and continually improve the ISMS.