All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

ISO 27001 Clause 7.3: Awareness

Read the requirements of ISO 27001 Clause 7.3: Awareness, which builds on the information security policy detailed in clause 5.2 to ensure ISMS awareness for interested parties.

Awareness can be linked to competence in the standard, as a person cannot be competent if they are not aware of their ISMS roles and responsibilities. As per the standard, any person working in the organisation must be aware of the information security policy that is in force at the time, as per clause 5.2.

Senior leadership must, therefore, ensure that they communicate clearly and regularly with all relevant interested parties. It is also vital that the senior leadership of an organisation communicate any changes to the information security policy, or update the interested parties if a new policy is implemented.

Individuals should know what and how much they are contributing to the effectiveness of the ISMS and what this improved efficiency will bring to the information security performance, in line with the ISO 27001 focus on continual improvement.

Anyone working under the organisation's control must also be aware of the consequences if they are not conforming to the ISMS requirements.