As with most ISO standards there is a theme to follow. Implementation of the ISMS should be planned in the context of applicable and proportionate risk within scope of what is the target of certification, appropriate controls introduced, audited and any corrective actions applied. Applicable controls are drawn from Annex A.

​

 

For a little more detail on how ISO/IEC 27001:2013 is broken down to 11 Sections and Annex A, click here

​