ISO/IEC 27001:2017 Procedures Documents ToolKit
The management procedures deal with the operational processes that characterize the typical activity of the organization, also called primary processes and support processes.
The operational processes within the scope of this management system are listed below under their original names. Each is covered by a corresponding procedure that is drawn up, applied and kept in the organization:
- Requirements
- Design
- Outsourcing
- Production
- Preservation
- Non-compliant output control
The scope of this management system also includes support processes concerning personnel, resources, analysis and monitoring, audits, and reviews, which are likewise covered by corresponding procedures:
- Context monitoring
- Staff organization
- Risk and opportunity management
- Goals
- Asset management
- People and skills
- Communication
- Documented information
- Monitoring, measurement and analysis
- Internal Audits
- Management review
- Non-conformities and corrective actions
- Continuous improvement
The security controls indicated in Annex A of the ISO 27001:2017 standard and described in the “Information Security Plan” have been integrated into these same procedures, in relation to the risks and their extent.