At C-level you will need to define, implement and review (at least annually) your ISMS objectives.
In the [Template ISO27001 Mandatory topics Documentation – Chapter 6.2] we have defined how to address this topic.
For the first year, the objective is 'to establish an ISMS that meets the ISO 27001 standard (and gets you certified)'.
Some auditors are not satisfied with that alone, so add at least one more objective, e.g., zero data breaches.
Later, you can use the following information to define new ISMS Objectives:
- Measures & Controls – Security Metrics: you will define metrics (per X-Ray component) that you monitor on a monthly basis. You can add ambitions to these, e.g., that you will not exceed the acceptable levels of the metrics.
- During the Management Review you will need to check whether you have reached your ISMS objectives and decide what your objectives will be for the next year. Use the Management Review content to determine those next objectives.
Describe (at a high level) what needs to be done and the resources needed, and assign an owner.
| Value / Description | Example |
| --- | --- |
| Free text field | To achieve ISO 27001 certification within the next year |
| Select active/not active: a currently applicable objective, or an outdated one that is therefore not active | |
| Select the date when the objective was formulated | 23 Sept 2021 |
| Select the owner from the dropdown menu listing all team members | |
| | ISO 27001 certificate |
| Standard ISMS objective control | Yearly review of the objectives and strategy |