ISMS Objectives

At C-level you'll need to define, implement and review (at least annually) your ISMS objectives.

In the [Template ISO27001 Mandatory topics Documentation – Chapter 6.2] we’ve defined how to address this topic.  

For the first year, the objective is "to establish an ISMS that meets the ISO 27001 requirements (and gets you certified)".
Some auditors are not satisfied with that alone, so add at least one further, measurable objective, e.g., zero data breaches.

Later, you can use the following information to define new ISMS Objectives: 

  • Measures & Controls – Security Metrics: for each X-Ray component you define metrics that you monitor on a monthly basis. You can attach ambitions to them, e.g., that none of the metrics exceeds its acceptable level.
  • During the Management Review you check whether you have reached your ISMS objectives and decide what your objectives for the coming year will be. Use the Management Review content to determine those next objectives.

Describe (at a high level) what needs to be done and the resources needed, and assign an owner. 

| Field | Value / Description | Example |
|---|---|---|
| Objective | Free text field | To achieve ISO 27001 certification within the next year |
| Status | Select active/not active – currently applicable objective, or outdated and therefore not active | Active |
| Starting date | Select the date when the objective was formulated | 23 Sept, 2021 |
| Owner | Select the owner from the dropdown menu listing all team members | Jonathan Tachi |
| Key results | Free text | ISO 27001 certificate |
| Standard ISMS objective control | Free text | Yearly review of the objectives and strategy |
| Evidence | | Certificate |
