Information security objectives (draft)

ISO 27001 expects measurable information security objectives. This page provides a minimal structure for defining objectives without inventing values.

Owner	Information Security Officer
Contact	infra@lef.tec.br
Version	0.1
Last updated	2025-12-24
Review cadence	At least annually

Keep it small

Start with a few objectives that are easy to measure and review. Expand only if it helps decisions.

Objectives (template)

Objective	Measure	Target	Frequency	Owner	Evidence location

Notes

Objectives should be reviewed in Management review (draft), and improvements should feed into corrective actions where needed.

Related

Governance & ISMS Management review Risk management