ISO 27001 Clause 8.1: Operational Planning and Control
Read the requirements of ISO 27001 Clause 8.1: Operational Planning and Control, which covers the planning, implementation and processes of the ISMS. Clause 8.1 should be achieved if compliance with clauses 6.1, 6.2 and 7.5 has already been attained.
Following the adherence to previous clauses, the organisation is now in the implementation stage. The purpose of this section is to plan, implement and control processes needed to meet requirements. An organisation must implement the actions determined in clause 6 by establishing criteria for the processes and implementing control of the processes in accordance with the criteria.
The organisation must keep documented evidence in the form of records to have confidence that the process was implemented according to the plans to satisfy the ISMS objectives.
The organisation must monitor planned changes in the ISMS as well as understand the impact of unplanned changes so that their adverse effects can be contained if necessary. While implementing the plans within the business, the organisation must ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.