All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

ISO 27001 Clause 8.1: Operational Planning and Control

Read the requirements of ISO 27001 Clause 8.1: Operational Planning and Control, which covers the planning, implementation and processes of the ISMS. Clause 8.1 should be achieved if compliance with clauses 6.1, 6.2 and 7.5 has already been attained.

Following the adherence to previous clauses, the organisation is now in the implementation stage. The purpose of this section is to plan, implement and control processes needed to meet requirements. An organisation must implement the actions determined in clause 6 by establishing criteria for the processes and implementing control of the processes in accordance with the criteria.

The organisation must keep documented evidence in the form of records to have confidence that the process was implemented according to the plans to satisfy the ISMS objectives.

The organisation must monitor planned changes in the ISMS as well as understand the impact of unplanned changes so that their adverse effects can be contained if necessary. While implementing the plans within the business, the organisation must ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.