ISO 27001 Clause 6.2 Information Security Objectives and Planning to Achieve Them


ISO 27001 Clause 6.2, Information Security Objectives and Planning to Achieve Them, is a clause of ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements) and one of the requirements an organisation must meet to obtain ISO 27001 certification.

What is ISO 27001 Clause 6.2?

The organisation shall establish information security objectives at relevant functions and levels. The information security objectives shall:

a) be consistent with the information security policy;
b) be measurable (if practicable);
c) take into account applicable information security requirements, and the results of risk assessment and risk treatment;
d) be monitored;
e) be communicated;
f) be updated as appropriate;
g) be available as documented information.

The organisation shall retain documented information on the information security objectives. When planning how to achieve its information security objectives, the organisation shall determine:

h) what will be done;
i) what resources will be required;
j) who will be responsible;
k) when it will be completed; and
l) how the results will be evaluated.
