27001 2013 Plain English Outline

This web page presents a Plain English outline of the new
ISO IEC 27001 information security standard. For more detail,
please see ISO IEC 27001 2013 Translated into Plain English.

Also see NIST Cybersecurity Framework and NIST Privacy Framework.

27001 Information Security Management Standard

4. Contextual requirements

4.1 Understand your organization and its particular context.

4.2 Define the needs and expectations of your interested parties.

4.3 Figure out what your ISMS should apply to and clarify its scope.

4.4 Develop an ISMS that complies with this international standard.

5. Leadership requirements

5.1 Provide leadership and show that you support your ISMS.

5.2 Establish an appropriate information security policy.

5.3 Assign responsibility and authority for your ISMS.

6. Planning requirements

6.1 Specify actions to manage risks and address opportunities.

6.1.1 Consider risks and opportunities when you plan your ISMS.

6.1.2 Establish an information security risk assessment process.

6.1.3 Develop an information security risk treatment process.

6.2 Set security objectives and develop plans to achieve them.

7. Support requirements

7.1 Support your ISMS by providing the necessary resources.

7.2 Support your ISMS by making sure that people are competent.

7.3 Support your ISMS by making people aware of their responsibilities.

7.4 Support your ISMS by identifying your communication needs.

7.5 Support your ISMS by managing all relevant information.

7.5.1 Include the information and documents that your ISMS needs.

7.5.2 Manage the creation and modification of your ISMS documents.

7.5.3 Control your organization's ISMS information and documents.

8. Operational requirements

8.1 Carry out operational planning and control your processes.

8.2 Conduct regular information security risk assessments.

8.3 Implement your information security risk treatment plan.

9. Evaluation requirements

9.1 Monitor, measure, analyze, and evaluate your information security.

9.2 Set up an internal audit program and use it to evaluate your ISMS.

9.3 Review performance of your organization's ISMS at planned intervals.

10. Improvement requirements

10.1 Identify nonconformities and take corrective actions.

10.2 Enhance the overall performance of your ISMS.


If you'd like to see how we've translated each of the above sections into
Plain English, please check out our more detailed ISO IEC 27001 webpage.

Updated on April 5, 2021. First published on November 12, 2013.

Copyright 2013 - 2021 by Praxiom Research Group Ltd. All Rights Reserved.