Build or upgrade your ISMS on our platform

Resources, Competence, Awareness & Communication for ISO 27001 7.1 – 7.4

ISO 27001 Section 7.1 – Resources

A requirement of ISO 27001 is to provide an adequate level of resources so that you can maintain and continually improve your information security management system (ISMS).

ISO 27001 Section 7.2 – Competence

The aim here is to demonstrate an adequate and proportionate level of information security knowledge and competence. These can be internal or external resources, for example, if you had an information security advisor coming into the company for a short period of time.

Competence of the individuals involved with the ISMS should be assessed, the organisation’s requirements identified and agreed what is adequate competence. Then you should identify how to fill any gaps.

The organisation should commit to providing training, education or mentoring to any individual tasked with maintaining information security.

ISO 27001 Section 7.3 – Awareness

The person responsible for managing the information security management system should be aware of everything concerned with the policies and controls held within it.

  • Have they read and understood the organisation’s information_security”>information security policy?
  • Do they understand the importance of maintaining and continually improving an ISMS?
  • Do they understand the implications o not maintaining the ISMS and meeting the requirements of ISO 27001?

ISO 27001 Section 7.4 – Communication

The organisation should have a plan in place for communicating, internally and externally, information about the information security management system – this could include the benefits of using an ISMS. A formal process of communication should be agreed and documented.

The process could include the following:

  • what will be communicated;
  • when it will be communicated;
  • with whom;
  • who shall own the communication; and
  • the process
Achieve ISO 27001 first time

How to easily demonstrate 7.1 – 7.4 Resources

The platform makes it easy for you to determine and provide the necessary resources, competencies, awareness and communication capabilities for establishing and implementing an ISMS.

Step 1 : Adopt, adapt and add

Our pre-configured ISMS provides a single policy that covers requirements 7.1, 7.2, 7.3 and 7.4. The AAA content references other policies and controls that evidence resource management, as well as mechanisms and features within that make it easy to address this requirement.

The AAA framework for 7.1-7.4 can be adapted to reflect any additional training, coaching or consulting that your organisation has invested in, including the Virtual Coach programme.

You are provided with ready-made controls and references to subordinate policies that can be adopted, adapted, or added to out of the box.

This means that you have ready-made simple to follow foundation for ISO 27001 compliance or certification giving you a 77% head start.

Step 1 : Adopt, adapt and add

Step 2 : Demonstrate to your auditors

You can easily demonstrate your work to auditors by recording your evidence within the platform e.g. data, policies, controls, procedures, risks, actions, projects, related documentation and reports.
Step 2 : Demonstrate to your auditors

Step 3 : A time-saving path to certification

Our Assured Results Method, ARM, is your simple, practical, time-saving path to first-time ISO 27001 compliance or certification. Requirements 7.1-7.4 are part of the third section that ARM will guide you on, where once the foundations of your ISMS have been paid, and Annex A controls have been described, you’ll detail how you comply with the remaining core requirements.
Step 3 : A time-saving path to certification

Step 4 : Extra support whenever you need it

If you need extra support, our optional Virtual Coach provides context-specific help whenever you need it. Additionally, our Service Delivery Team and your Account Manager are only ever a phone call away.
Step 4 : Extra support whenever you need it

Platform features

Disconnected templates and toolkits supported by an expensive consultant just don’t cut it anymore. You need an ISMS that works for you both now and as your business grows.

Book a demo