Information Security Policies

ISO 27001 Annex A.5

What is the objective of Annex A.5.1 of ISO 27001:2013?

Annex A.5.1 is about management direction for information security. The objective in this Annex is to manage direction and support for information security in line with the organisation’s requirements, as well as in accordance with relevant laws and regulations. It includes the two controls listed below.


A.5.1.1 Policies for information security

A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.

Note: the organisational Information Security Policy is a mandatory document under both ISO 27001 (requirement 5.2) and GDPR compliance requirements (Data protection assurance – security policy). This mandatory policy is included in the policies and controls documentation, ready to adopt, adapt or add to.

A.5.1.2 Review of the policies for information security

The policies for information security shall be reviewed at planned intervals, or if significant changes occur, to ensure their continuing suitability, adequacy and effectiveness.

Note: this is another policy included in the policy documentation. The software also includes features and tools to manage the maintenance and review of your ISMS. This covers management reviews, audits, corrective actions and improvements, all of which can be evidenced in the platform, with reminders set to ensure no review is ever missed.

More help on the ISO 27001 requirements and Annex A Controls can be found in the Virtual Coach, which complements our frameworks, tools and policy content.


Discover how you can save time & reduce management resource using to achieve & maintain your ISO 27001 ISMS


Need a set of ISO 27001 policies for your ISMS? includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you a 77% head start with ISO 27001.

