ISO 27001:2022 Annex A 5.36 Checklist Guide

By Max Edwards | Updated 15 August 2024

Using a checklist for A.5.36 Compliance With Policies, Rules, and Standards for Information Security ensures systematic adherence to regulatory requirements and promotes organisational efficiency. Achieving compliance strengthens data protection, mitigates risks, and enhances stakeholder trust.


ISO 27001 A.5.36 Compliance With Policies, Rules, and Standards for Information Security Checklist

Objective: Ensure adherence to internal policies, external rules, and industry standards regarding information security to maintain the integrity, confidentiality, and availability of information while fulfilling legal, regulatory, and contractual obligations.

Importance of Compliance: Compliance is crucial for safeguarding sensitive data, maintaining customer trust, and fostering a culture of security awareness.

Non-compliance can lead to data breaches, financial losses, and reputational damage, making a structured approach essential for organisational health and sustainability.



Why Should You Comply With Annex A.5.36? Key Aspects and Common Challenges

1. Policy Development and Maintenance:

Creation and Documentation:

  • Challenge: Ensuring policies are comprehensive and up-to-date.
  • Solution: Utilise ISMS.online’s Policy Templates and Regulatory Database.
  • Checklist:
      • Develop policies using templates to ensure comprehensive coverage.
      • Document policies centrally within ISMS.online.
      • Verify alignment with current regulations using the regulatory database.
  • Related ISO 27001 Clauses: 5.2 (Information security policy), 7.5.1 (Documented information)

Regular Review:

  • Challenge: Keeping policies updated with regulatory and organisational changes.
  • Solution: Implement ISMS.online’s Version Control.
  • Checklist:
      • Schedule regular policy reviews.
      • Track changes with version control.
      • Document review dates and updates in ISMS.online.
  • Related ISO 27001 Clauses: 9.2 (Internal audit), 10.2 (Nonconformity and corrective action)

2. Communication and Awareness:

Policy Dissemination:

  • Challenge: Ensuring awareness and understanding of policies.
  • Solution: Use ISMS.online’s Document Access and Policy Pack.
  • Checklist:
      • Distribute policies via ISMS.online document access.
      • Require acknowledgment of receipt and understanding.
      • Maintain acknowledgment records in the system.
  • Related ISO 27001 Clauses: 7.3 (Awareness), 7.4 (Communication)

Training Programmes:

  • Challenge: Conducting effective training programmes.
  • Solution: Leverage ISMS.online’s Training Modules and Training Tracking.
  • Checklist:
      • Develop training programmes using training modules.
      • Track training completion and effectiveness.
      • Evaluate understanding through assessments and quizzes.
      • Record training results and feedback in ISMS.online.
  • Related ISO 27001 Clauses: 7.2 (Competence), 7.3 (Awareness)

3. Implementation and Enforcement:

Roles and Responsibilities:

  • Challenge: Defining and communicating roles and responsibilities.
  • Solution: Use ISMS.online’s Role Management.
  • Checklist:
      • Define roles and responsibilities in ISMS.online.
      • Assign responsibilities to personnel.
      • Document role assignments and updates.
  • Related ISO 27001 Clauses: 5.3 (Organisational roles, responsibilities, and authorities)

Compliance Monitoring:

  • Challenge: Continuous monitoring of compliance.
  • Solution: Utilise ISMS.online’s Compliance Monitoring and Audit Management.
  • Checklist:
      • Set up compliance monitoring schedules.
      • Conduct periodic audits using audit templates.
      • Document audit findings and corrective actions.
      • Follow up on corrective actions to resolve issues.
  • Related ISO 27001 Clauses: 9.1 (Monitoring, measurement, analysis, and evaluation), 9.2 (Internal audit)

Non-compliance Management:

  • Challenge: Identifying and addressing non-compliance.
  • Solution: Employ ISMS.online’s Incident Management.
  • Checklist:
      • Establish procedures for reporting non-compliance.
      • Track non-compliance incidents in ISMS.online.
      • Implement corrective actions and document outcomes.
      • Review non-compliance trends for improvement.
  • Related ISO 27001 Clauses: 10.1 (Nonconformity and corrective action), 10.2 (Continual improvement)

4. Assessment and Improvement:

Internal Audits:

  • Challenge: Conducting thorough and regular audits.
  • Solution: Use ISMS.online’s Audit Templates and Audit Plan.
  • Checklist:
      • Schedule regular internal audits.
      • Use audit templates for evaluations.
      • Document audit results and recommendations.
      • Track and follow up on corrective actions.
  • Related ISO 27001 Clauses: 9.2 (Internal audit), 10.1 (Nonconformity and corrective action)

Continuous Improvement:

  • Challenge: Improving policies and procedures based on feedback.
  • Solution: Implement ISMS.online’s Corrective Actions and Continuous Improvement tools.
  • Checklist:
      • Review audit findings to identify improvement areas.
      • Develop and implement corrective action plans.
      • Monitor effectiveness of corrective actions.
      • Regularly update policies and procedures based on feedback.
  • Related ISO 27001 Clauses: 10.1 (Nonconformity and corrective action), 10.2 (Continual improvement)

5. Documentation and Reporting:

Record Keeping:

  • Challenge: Maintaining comprehensive records.
  • Solution: Use ISMS.online’s Documentation Management.
  • Checklist:
      • Maintain compliance documents in ISMS.online.
      • Ensure documents are up-to-date and accessible.
      • Keep detailed records of compliance activities.
  • Related ISO 27001 Clauses: 7.5 (Documented information)

Reporting:

  • Challenge: Providing accurate compliance reports.
  • Solution: Leverage ISMS.online’s Reporting Tools.
  • Checklist:
      • Generate detailed compliance reports regularly.
      • Include key metrics, audit findings, and corrective actions.
      • Share reports with stakeholders and document feedback.
      • Use feedback to enhance compliance processes.
  • Related ISO 27001 Clauses: 9.3 (Management review)

Benefits of Compliance

  • Risk Mitigation: Reduces the risk of security incidents by ensuring robust policies and controls are in place and followed.
  • Regulatory Adherence: Helps the organisation comply with legal, regulatory, and contractual requirements, avoiding potential penalties and legal issues.
  • Reputation Management: Enhances the organisation’s reputation by demonstrating a commitment to information security and responsible management of information assets.
  • Operational Efficiency: Promotes a consistent and structured approach to information security, leading to more efficient and effective operations.

By leveraging the features of ISMS.online and addressing common challenges with a detailed checklist, organisations can effectively demonstrate compliance with A.5.36 Compliance With Policies, Rules, and Standards for Information Security.

This ensures that their information security management system (ISMS) remains robust, adaptive, and aligned with best practices and regulatory expectations, achieving operational excellence and comprehensive risk management.



Detailed Annex A.5.36 Compliance Checklist

1. Policy Development and Maintenance:

  • Develop policies using ISMS.online’s policy templates.
  • Document all policies within the ISMS.online system.
  • Verify alignment of policies with current regulations using the regulatory database.
  • Schedule regular policy reviews.
  • Use version control to track changes.
  • Document review dates and changes in ISMS.online.

2. Communication and Awareness:

  • Distribute policies through ISMS.online document access.
  • Ensure all stakeholders acknowledge receipt and understanding.
  • Maintain records of acknowledgments in the system.
  • Develop training programmes using ISMS.online training modules.
  • Track training completion and effectiveness.
  • Evaluate understanding through assessments and quizzes.
  • Record training results and feedback in ISMS.online.

3. Implementation and Enforcement:

  • Define roles and responsibilities in ISMS.online.
  • Assign responsibilities to appropriate personnel.
  • Document role assignments and updates.
  • Set up compliance monitoring schedules.
  • Conduct regular audits using ISMS.online audit templates.
  • Document audit findings and corrective actions.
  • Establish procedures for reporting non-compliance.
  • Track and document non-compliance incidents.
  • Implement corrective actions and document outcomes.

4. Assessment and Improvement:

  • Schedule regular internal audits.
  • Use audit templates to conduct comprehensive audits.
  • Document audit results and corrective actions.
  • Review audit findings and identify areas for improvement.
  • Track and implement corrective actions.
  • Monitor and document improvements in ISMS.online.

5. Documentation and Reporting:

  • Maintain all compliance-related documents in ISMS.online.
  • Ensure documents are easily accessible and up-to-date.
  • Keep detailed records of all compliance activities and audit findings.
  • Generate detailed compliance reports regularly.
  • Share reports with senior management and relevant stakeholders.
  • Document feedback and actions taken in response to reports.

By following this detailed compliance checklist and utilising the comprehensive features of ISMS.online, organisations can ensure that they meet the requirements of A.5.36 Compliance With Policies, Rules, and Standards for Information Security.

This systematic approach not only fosters a culture of security awareness and compliance but also enhances the overall security posture of the organisation, ensuring robust protection of information assets.



Every Annex A Control Checklist Table

ISO 27001 Annex A.5 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.5.1 | Policies for Information Security Checklist
Annex A.5.2 | Information Security Roles and Responsibilities Checklist
Annex A.5.3 | Segregation of Duties Checklist
Annex A.5.4 | Management Responsibilities Checklist
Annex A.5.5 | Contact With Authorities Checklist
Annex A.5.6 | Contact With Special Interest Groups Checklist
Annex A.5.7 | Threat Intelligence Checklist
Annex A.5.8 | Information Security in Project Management Checklist
Annex A.5.9 | Inventory of Information and Other Associated Assets Checklist
Annex A.5.10 | Acceptable Use of Information and Other Associated Assets Checklist
Annex A.5.11 | Return of Assets Checklist
Annex A.5.12 | Classification of Information Checklist
Annex A.5.13 | Labelling of Information Checklist
Annex A.5.14 | Information Transfer Checklist
Annex A.5.15 | Access Control Checklist
Annex A.5.16 | Identity Management Checklist
Annex A.5.17 | Authentication Information Checklist
Annex A.5.18 | Access Rights Checklist
Annex A.5.19 | Information Security in Supplier Relationships Checklist
Annex A.5.20 | Addressing Information Security Within Supplier Agreements Checklist
Annex A.5.21 | Managing Information Security in the ICT Supply Chain Checklist
Annex A.5.22 | Monitoring, Review and Change Management of Supplier Services Checklist
Annex A.5.23 | Information Security for Use of Cloud Services Checklist
Annex A.5.24 | Information Security Incident Management Planning and Preparation Checklist
Annex A.5.25 | Assessment and Decision on Information Security Events Checklist
Annex A.5.26 | Response to Information Security Incidents Checklist
Annex A.5.27 | Learning From Information Security Incidents Checklist
Annex A.5.28 | Collection of Evidence Checklist
Annex A.5.29 | Information Security During Disruption Checklist
Annex A.5.30 | ICT Readiness for Business Continuity Checklist
Annex A.5.31 | Legal, Statutory, Regulatory and Contractual Requirements Checklist
Annex A.5.32 | Intellectual Property Rights Checklist
Annex A.5.33 | Protection of Records Checklist
Annex A.5.34 | Privacy and Protection of PII Checklist
Annex A.5.35 | Independent Review of Information Security Checklist
Annex A.5.36 | Compliance With Policies, Rules, and Standards for Information Security Checklist
Annex A.5.37 | Documented Operating Procedures Checklist


ISO 27001 Annex A.6 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.6.1 | Screening Checklist
Annex A.6.2 | Terms and Conditions of Employment Checklist
Annex A.6.3 | Information Security Awareness, Education and Training Checklist
Annex A.6.4 | Disciplinary Process Checklist
Annex A.6.5 | Responsibilities After Termination or Change of Employment Checklist
Annex A.6.6 | Confidentiality or Non-Disclosure Agreements Checklist
Annex A.6.7 | Remote Working Checklist
Annex A.6.8 | Information Security Event Reporting Checklist


ISO 27001 Annex A.7 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.7.1 | Physical Security Perimeters Checklist
Annex A.7.2 | Physical Entry Checklist
Annex A.7.3 | Securing Offices, Rooms, and Facilities Checklist
Annex A.7.4 | Physical Security Monitoring Checklist
Annex A.7.5 | Protecting Against Physical and Environmental Threats Checklist
Annex A.7.6 | Working in Secure Areas Checklist
Annex A.7.7 | Clear Desk and Clear Screen Checklist
Annex A.7.8 | Equipment Siting and Protection Checklist
Annex A.7.9 | Security of Assets Off-Premises Checklist
Annex A.7.10 | Storage Media Checklist
Annex A.7.11 | Supporting Utilities Checklist
Annex A.7.12 | Cabling Security Checklist
Annex A.7.13 | Equipment Maintenance Checklist
Annex A.7.14 | Secure Disposal or Re-Use of Equipment Checklist


ISO 27001 Annex A.8 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.8.1 | User Endpoint Devices Checklist
Annex A.8.2 | Privileged Access Rights Checklist
Annex A.8.3 | Information Access Restriction Checklist
Annex A.8.4 | Access to Source Code Checklist
Annex A.8.5 | Secure Authentication Checklist
Annex A.8.6 | Capacity Management Checklist
Annex A.8.7 | Protection Against Malware Checklist
Annex A.8.8 | Management of Technical Vulnerabilities Checklist
Annex A.8.9 | Configuration Management Checklist
Annex A.8.10 | Information Deletion Checklist
Annex A.8.11 | Data Masking Checklist
Annex A.8.12 | Data Leakage Prevention Checklist
Annex A.8.13 | Information Backup Checklist
Annex A.8.14 | Redundancy of Information Processing Facilities Checklist
Annex A.8.15 | Logging Checklist
Annex A.8.16 | Monitoring Activities Checklist
Annex A.8.17 | Clock Synchronisation Checklist
Annex A.8.18 | Use of Privileged Utility Programs Checklist
Annex A.8.19 | Installation of Software on Operational Systems Checklist
Annex A.8.20 | Networks Security Checklist
Annex A.8.21 | Security of Network Services Checklist
Annex A.8.22 | Segregation of Networks Checklist
Annex A.8.23 | Web Filtering Checklist
Annex A.8.24 | Use of Cryptography Checklist
Annex A.8.25 | Secure Development Life Cycle Checklist
Annex A.8.26 | Application Security Requirements Checklist
Annex A.8.27 | Secure System Architecture and Engineering Principles Checklist
Annex A.8.28 | Secure Coding Checklist
Annex A.8.29 | Security Testing in Development and Acceptance Checklist
Annex A.8.30 | Outsourced Development Checklist
Annex A.8.31 | Separation of Development, Test and Production Environments Checklist
Annex A.8.32 | Change Management Checklist
Annex A.8.33 | Test Information Checklist
Annex A.8.34 | Protection of Information Systems During Audit Testing Checklist


How ISMS.online Helps With A.5.36

Ensuring compliance with A.5.36 Compliance With Policies, Rules, and Standards for Information Security is critical for safeguarding your organisation’s sensitive data and maintaining trust with your stakeholders. By leveraging the powerful features of ISMS.online, you can streamline your compliance efforts, mitigate risks, and enhance operational efficiency.

Ready to elevate your information security management?

Contact ISMS.online today to schedule a personalised demo. See firsthand how our comprehensive platform can transform your compliance process and fortify your organisation’s security posture. Our experts are here to guide you through the features and demonstrate how ISMS.online can meet your unique needs.
