ISMS Objectives

At C-level, you need to define and implement your ISMS objectives, and review them at least annually.
In the [Template ISO27001 Mandatory topics Documentation – Chapter 6.2] we’ve defined how to address this topic.
For the first year, the objective is ‘to establish an ISMS that can meet ISO 27001 standards (and get you certified)’.
Some auditors are not happy with just that, so add at least one other, e.g., 0 data breaches.
Later, you can use the following information to define new ISMS Objectives:
- Measures & Controls – Security Metrics; you will define (per X-Ray component) metrics that you will monitor on a monthly basis. You can add ambitions e.g., that you will not exceed the acceptable levels of the metrics.
- During Management Review you will need to check if you have reached your ISMS objective and what your new objectives will be for next year. Use the Management Review content to determine what your next objectives will be.
Describe (at a high level) what needs to be done and the resources needed, and assign an owner.
Field | Value / Description | Example |
Objective | Free text field | To achieve ISO 27001 certification within the next year |
Status | Select active/not active – currently applicable objective or outdated and therefore not active | Active |
Starting date | Select the date when the objective was formulated | 23 Sept, 2021 |
Owner | Select the owner from the dropdown menu with all of the team members | Jonathan Tachi |
Key results | Free text | ISO 27001 certificate |
Standard ISMS objective control | Free text | Yearly review of the objectives and strategy |
Evidence | | Certificate |