The new ISO 45001:2018 standard for occupational health and safety is a full ISO standard, unlike its predecessor, OHSAS 18001. Its core text follows the same high-level structure of 10 clauses as ISO 9001:2015 and the other ISO management system standards.
2. ISO 27001
◦ ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
3. Summary of Clauses
◦ Clause 1: Scope
◦ Clause 2: Normative References
◦ Clause 3: Terms and Definitions
◦ Clause 4: Context of Organisation
◦ Clause 5: Leadership
◦ Clause 6: Planning
◦ Clause 7: Support
◦ Clause 8: Operation
◦ Clause 9: Performance Evaluation
◦ Clause 10: Continual Improvement
Clause 8 (Operation) sub-clauses:
◦ 8.1 Operational planning and control
◦ 8.2 Information security risk assessment
◦ 8.3 Information security risk treatment
Clause 6 (Planning) sub-clauses:
◦ 6.1 Actions to address risks and opportunities
◦ 6.2 IT objectives and planning to achieve them
6. Security Domains – ISO 27001:2013
1. Scope, Information Security Management System
2. Information Security Policies (A.5)
3. Organization of Information Security (A.6)
4. Human Resource Security (A.7)
5. Asset Management (A.8)
6. Access Control (A.9)
7. Cryptography (A.10)
8. Physical and Environmental Security (A.11)
9. Operations Security (A.12)
10. Communications Security (A.13)
11. System Acquisition, Development, and Maintenance (A.14)
12. Supplier Relationships (A.15)
13. Information Security Incident Management (A.16)
14. Information Security Aspects of Business Continuity Management (A.17)
15. Compliance (A.18)
◦ Annex A: 114 controls, selected on the basis of the risk assessment…
7. Risk Assessment - Asset Based
# / Document / Purpose / Owner
1. Asset Register. Purpose: identify critical business information, where it exists, and who owns it. Owner: Respective Team.
2. Risk Assessment. Purpose: identify potential data loss or security threats and the resulting impact to the business. Owner: Respective Team.
3. Risk Treatment Plan (RTP). Purpose: define the preferred procedure the organization should follow in the event of a security breach; additional security controls to be implemented are recommended here. Owner: Respective Team.
4. Implementation Procedure. Purpose: lists all current controls in place to ensure security; once additional controls from the RTP are implemented, they will be added here. Owner: Respective Team.
Risk treatment options (for each identified risk in the RTP):
• Accept
• Mitigate
• Transfer
• Avoid
Implementation Procedure: lists all applicable controls from the previous slide.