ISO 27001 Operational Planning and Control is a clause of ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems) and a requirement that must be met to achieve ISO 27001 certification.
What is ISO 27001 Clause 8.1?
The organisation shall plan, implement and control the processes needed to meet information security requirements, and to implement the actions determined in clause 6 by:
– establishing criteria for processes
– implementing control of the processes in accordance with the criteria
Documented information shall be available to the extent necessary to have confidence that the processes have been carried out as planned.
The organisation shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organisation shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.
ISO 27001:2022 Clause 8.1 Operational Planning and Control