top of page
empty-signboard-entrance-subway (1).jpg


As with most ISO standards there is a theme to follow. Implementation of the ISMS should be planned in the context of applicable and proportionate risk within scope of what is the target of certification, appropriate controls introduced, audited and any corrective actions applied. Applicable controls are drawn from Annex A.


For a little more detail on how ISO/IEC 27001:2013 is broken down to 11 Sections and Annex A, click here

bottom of page