Governance & ISMS
This area exists to make policy governance auditable: who owns policies, how they’re reviewed, and how we track security-control coverage when preparing for certifications (like ISO/IEC 27001).
Start here
ISO 27001 readiness: A planning view of what artifacts ISO expects, what we have, and what’s missing.
ISMS scope (draft): Define what is (and is not) in scope for ISO/IEC 27001.
Information security policy (draft): Management intent and top-level direction for information security.
Information security objectives (draft): Objectives and measures for improving the ISMS.
Risk management: Methodology, risk register, and Statement of Applicability (SoA).
Document control (draft): Control of documented information for the ISMS.
ISMS internal audit (draft): Audit approach and templates.
ISMS management review (draft): Review inputs, outputs, and cadence.
Nonconformity and corrective action (draft): How issues are recorded, corrected, and verified.
Suppliers: Supplier security expectations and review approach.
Compliance & alignment: Client/vendor questions and high-level alignment claims.