ISO/IEC 27001 Controls Handbook 2: Organizational Controls

First revision: Jan.23, 2026
Last change: Jan.23, 2026
Searched, gathered, rearranged, translated, and compiled by Apirak Kanchanakongkha.
5. Organizational controls
5.1 Policies for information security
What does this control require?
 To be allowed to claim conformity with Control 5.1, your organization must have achieved the following [3]:
  • An information security policy has been defined.
  • Topic-specific policies are defined.
  • Policy and topic-specific policies have been approved by management.
  • Policy and topic-specific policies are published.
  • Policy and topic-specific policies are communicated to relevant personnel.
  • Policy and topic-specific policies are communicated to relevant interested parties.
  • Policy and topic-specific policies are acknowledged by personnel and interested parties.
  • Policy and topic-specific policies are reviewed at planned intervals.
  • Policy and topic-specific policies are reviewed if significant changes occur. 
What is this control about?
INFORMATION SECURITY POLICY
Control 5.1 distinguishes between information security policy and topic-specific policies. What is information security policy?






 