Support for ISO 27001 Information Security

ISO 27001 Clause 7 - Support

Clause 7 covers everything the information security management system needs in the way of support to operate effectively. That means people, skills, awareness, communication and documented information. None of these clauses is hard on its own, but they are the clauses that catch organisations out at audit because they are the ones that have to be worked at continuously rather than set up once.

Sub-clauses of ISO 27001 Clause 7

Clause 7.1 - Resources requires the organisation to determine and provide the resources needed for establishing, implementing, maintaining and continually improving the ISMS.

Clause 7.2 - Competence requires the organisation to determine the competence needed for people whose work affects information security performance, make sure they are competent, and retain documented information as evidence.

Clause 7.3 - Awareness requires that people doing work under the organisation's control are aware of the information security policy, their contribution to the ISMS, and the implications of not conforming with ISMS requirements.

Clause 7.4 - Communication requires the organisation to determine the internal and external communications relevant to the ISMS.

Clause 7.5 - Documented Information sets out the requirements for creating, updating and controlling the documented information that the ISMS depends on.