Awareness For ISO 27001 Requirement 7.3

What is covered under ISO 27001 Clause 7.3?

Clause 7.3 of ISO IEC 27001 is a simple one to dovetail in with clause 7.2 around competence and 7.4 around broader communication about the information security management system to all the relevant interested parties.

ISO 27001 is seeking confirmation that the persons doing the work are aware of:

  • the information security policy
  • their contribution to the effectiveness of the ISMS including benefits from its improved performance 
  • what happens when the information security management system does not conform to its requirements

 

How to demonstrate awareness for clause 7.2 of the ISO 27001 standard

As part of a joined up implementation of the ISMS, the resources involved in its building will have participated in the creation of the information security policy for top management to approve (clause 5.2).  They would have a good understanding of their role because it would have been agreed and documented as part of clause 7.1 (and other areas already noted before). 

We also recommend that:

 

  • In addition to the specific awareness of the ISMS administration and operation above, we also highly recommend that staff involved in the ISMS follow the same path as those who are part of the broader communication in line with clause 7.4 where staff communication, engagement and compliance are considered, which also dovetails into the HR security lifecycle, in particular with Annex A 7.2.2. information security awareness, education and training.

Ready to take action?

Discover how ISMS.online can help you achieve or improve on your ISMS objectives

Need ISO 27001 policies and controls for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you up to 77% head start with ISO 27001 documentation. 

Ready to take action?

Discover how ISMS.online can help you achieve or improve on your ISMS objectives

ISMS Online Rating: 5 out of 5
Share This