OpenRegulatory Template

ISO 27001:2023 Mapping of Requirements to Documents

This table maps all requirements of the ISO 27001:2023 (by section) to the relevant documents (here: OpenRegulatory templates).

Note that the document names in the “Fulfilled in Document” column are based on the OpenRegulatory templates. You’ll probably have a different system for assigning document names, so feel free to rename them.

Section Title Fulfilled in Document
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the information security management system Information Security Policy And Scope
4.4 Information security management system Information Security Policy And Scope
5.1 Leadership and commitment Information Security Policy And Scope
5.2 Policy Information Security Policy And Scope
5.3 Organizational roles, responsibilities and authorities Information Security Policy And Scope
6.1.1 Actions to address risks and opportunities - General SOP Information Security Risk Assessment
6.1.2 Information security risk assessment SOP Information Security Risk Assessment
6.1.3 Information security risk treatment SOP Information Security Risk Assessment, Information Security Controls
6.2 Information security objectives and planning to achieve them
6.3 Planning of changes
7.1 Support - Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5.1 Document information - General
7.5.2 Creating and updating
7.5.3 Control of documented information
8.1 Operation - Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9.1 Performance evaluation - Monitoring, measurement, analysis and evaluation
9.2.1 Internal audit - General
9.2.2 Internal audit programme
9.3.1 Management review - General
9.3.2 Management review inputs
9.3.3 Management review results
10.1 Improvement - Continual improvement
10.2 Nonconformity and corrective action
Annex A Information security controls references Information Security Controls

Template Copyright openregulatory.com. See template license.

Please don’t remove this notice even if you’ve modified contents of this template.