The ISO 27001:2024 Manual
The “GUIDE” function of the new ISO 27001 Manual
The Information Security Management System Manual under ISO 27001:2024 is designed to provide guidance for:
- The development of the system, its processes and its documentation for consultants and managers of the organization
- The understanding and effective use of the management system by the organization’s personnel
- Consultation, by interested parties, of the security safeguards established for information
The phase structure: PLAN, DO, CHECK, ACT
The Manual, following the part reserved for the description of the organization and its activities, explains the development logic of the system and illustrates the design of the corresponding document system.
To facilitate full understanding of how the system works, the Manual illustrates the system divided into sections: PLAN, DO, CHECK, ACT (Deming cycle).
In each section the Manual describes:
- The regulatory requirements of ISO 27001:2024 covered
- How the organization fulfills the requirements
- The processes and activities performed
- Documentation and records
The Manual as a support for internal training
The Manual, in addition to the descriptive contents, provides the flow charts of all the system processes in which, during training activities for staff, the organization has the opportunity to visually illustrate:
- The activities performed in the processes governed by the procedures
- The flow of information processed within the processes
- The document flow produced by the execution of process activities
