ISMS Objectives
On C-Level you will need to define your ISMS Objectives, implement and review at least on yearly base.
In the [Template ISO27001 Mandatory topics Documentation – Chapter 6.2] we have defined how to address this topic.
We always advise for the first year the objective is ’to establish an ISMS that can meet ISO27001 standards (and get you certified).
Some auditors are not happy with that – so add at least one other: e.g. 0 data breaches.
Describe high level:
- what need to be done to achieve (high level)
- resources needed
- assign an owner
Field | Value / Description | Example |
Objective | free text field | To achieve ISO27001 Certification within the next year |
Status | select active/not active – currently applicable objective or outdated and therefore not active | Active |
Starting date | select the date when objective was formulated | 23 Sept, 2021 |
Owner | select the owner from the dropdown menu with all of the team members | Jonathan Tachi |
Key results | free text | ISO27001 certificate |
Standard ISMS objective control | free text | yearly review of the objectives and strategy |
Evidence |
| Certificate |
