At C-level you will need to define your ISMS objectives, implement them, and review them at least on a yearly basis.
In the [Template ISO27001 Mandatory topics Documentation – Chapter 6.2] we have defined how to address this topic.
For the first year, we always advise that the objective be 'to establish an ISMS that can meet ISO27001 standards (and get you certified)'.
Some auditors are not happy with that – so add at least one other: e.g. 0 data breaches.
Describe at a high level:
- what needs to be done to achieve it (high level)
- resources needed
- assign an owner
Value / Description
free text field
To achieve ISO27001 Certification within the next year
select active/not active – currently applicable objective or outdated and therefore not active
select the date when the objective was formulated
23 Sept, 2021
select the owner from the dropdown menu with all of the team members
Standard ISMS objective control
yearly review of the objectives and strategy