
ISO 27001 Requirement 7.3 – Awareness

By Mark Sharron | Updated 14 December 2023

Clause 7.3 of ISO/IEC 27001 is a simple one that dovetails with clause 7.2 on competence and clause 7.4 on broader communication about the information security management system (ISMS) to all relevant interested parties.


What does Clause 7.3 involve?

ISO 27001 is seeking confirmation that the persons doing the work are aware of:

  • The information security policy
  • Their contribution to the effectiveness of the ISMS including benefits from its improved performance
  • What happens when the information security management system does not conform to its requirements

Demonstrating awareness for clause 7.3

As part of a joined-up implementation of the ISMS, the people involved in building it will have participated in creating the information security policy for top management to approve (clause 5.2).

They will have a good understanding of their role because it will have been agreed and documented as part of clause 7.1 (and the other areas already noted).

We also recommend that:

  • Anyone involved in an ISMS implementation reads the ISO 27001 standard to understand the requirements and is then shown how they are being addressed in practice (which is easy in ISMS.online). This would include awareness and understanding of 6.1 risk management, 6.2 ISMS objectives, 9.1 broader measurement and evaluation, 9.2 internal audits, 9.3 management reviews, and 10.1 nonconformities and corrective actions, as well as continual improvement in line with 10.2.
  • In addition to the specific awareness of ISMS administration and operation above, we also highly recommend that staff involved in the ISMS follow the same path as those who are part of the broader communication under clause 7.4, where staff communication, engagement and compliance are considered. This also dovetails with the HR security lifecycle, in particular Annex A 7.2.2, information security awareness, education and training.
