Leadership and commitment for ISO 27001 Requirement 5.1

What does ISO 27001 Section 5.1 involve?

The leadership section of ISO 27001 focuses very much on the importance of information security being supported, both visibly and materially, by senior management.

Information security management is a business critical process and must be compatible with an organisations business objectives and processes. Arguably, without leadership support, the ISO 27001 journey will struggle to get off the ground.

Being able to demonstrate this leadership commitment is essential here, and that’s where a working information security management system comes in to play.

Maintaining ISO 27001 certification requires an annual surveillance audit and being able to demonstrate this leadership commitment is essential here. That’s where a working information security management system comes in to play.

This clause identifies specific aspects of the management system where top management are expected to demonstrate both leadership and commitment. These include but are not limited to:

  • Accountability for the effectiveness of the management system;
  • Ensuring the policy and objectives are established and are compatible with the context and strategic direction of the organisation;
  • Ensuring the integration of the management system are embedded into business processes;
  • Promoting the use of the process approach and risk-based thinking
  • Ensuring adequate resources are in place;
  • Ensuring the management system achieves its intended results;
  • Engaging, directing and supporting persons to contribute to the effectiveness of the management system

If leadership are not actively involved e.g. don’t participate in management reviews or cannot demonstrate to the external auditor they are taking it seriously during an audit then the organisation will almost certainly fail.

How to meet the requirements of ISO 27001:2013/17 – Sect 5.1

Assuming that leadership is actually engaged in the ISMS, the requirement to demonstrate that commitment is another easy one to meet using the ISMS.online software for managing your complete ISMS.

We have included a template policy with a suggested statement for you to adopt or adapt concerning what your senior management are doing around and within your ISMS.

It links to the areas where your senior management will typically be involved making it really simple for your audit to see the evidence he needs.

You will use the platform to evidence management review meetings have taken place, which include the evaluation of how your ISMS is performing against it’s stated objectives. You can reference the attendees and make notes across your ISMS, in relevant areas where leadership has shown support or are involved in decisions.

Discover how ISMS.online will accelerate your ISO 27001 implementation


The ISO 27001 Annex A Controls are listed below:

Need a set of ISO 27001 policies for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you a
77% head start with ISO 27001


Discover how you can save time & reduce management resource using ISMS.online to achieve & maintain your ISO 27001 ISMS

ISMS Online Rating: 5 out of 5
Share This