9. The Plan
1. Context of the Organization
2. Leadership - Policy
3. Planning
4. Support
5. Operation
6. Performance evaluation
7. Improvement
ISO 27001:2013 Requirements
10. The Plan (cont.)
Key points for analysis: ISO 27001:2013 domains
A5, A6, A7, A8, A9, A10, A11, A12, A13, A14, A15, A16, A17, A18
11. Conclusion
The establishment, implementation and improvement of an Information Security plan requires a solid and robust framework.
ISO 27001:2013 contains all the necessary key points to develop such a plan.
Even if the organization decides not to acquire the certification, following ISO's clauses will be beneficial.
On the other hand, the certification can:
1. Provide competitive advantage
2. Enhance customer confidence
3. Prove commitment to data and privacy protection
4. Increase legislative and regulatory compliance
5. Improve the organization's security
6. Manage information security risks effectively