Platform
- Overview
- Features
  - Risk ManagementManage all your business risks in one place
  - Asset ManagementDynamic asset management solution
  - Supply Chain ManagementEffortlessly integrate your supply chain
  - IntegrationsConnect with over 5,000 systems
  - HeadStartGet certified up to 5x faster
  - Assured Results MethodYour path to certification success
  - Virtual CoachYour always-on guide to ISO 27001
  - Explore All Features
Solutions
- Frameworks
  - ISO 27001The information security standard
  - ISO 42001The Artificial Intelligence standard
  - ISO 27701Data privacy for your business
  - ISO 22301Streamline your business continuity
  - ISO 9001Simplify your quality management
  - GDPRKeep on top of your data protection
  - NIS 2Strengthen your cybersecurity
  - All standards and regulations
- Experience Level
  - New to ISO 27001?Don’t worry, we’ve got you covered
  - Looking to improve your compliance?Switch to a platform that gives you complete control
  - Enterprise-level complianceManage all your compliance needs with ISMS.online
- Sectors
  - Healthcare
  - Legal
  - FinTech
  - Retail
  - Automotive
  - Logistics
  - Public Sector
  - Gambling
  - Communications
  - Aviation
Customers
Learn
Partners
- Become a Partner
  - Become a PartnerTeam up with ISMS.online and empower your customers to achieve effective, scalable information management success
- Types of Partner
  - Service PartnersMake compliance your competitive advantage
  - AuditorsStreamline your audit practice
  - Technology PartnersIntegrate your products with ISMS.online
- Partner Services
  - Partner DirectoryConnect with trusted compliance experts
Log in
Get a quote
Book a demo

Get a quote Book a demo

Book a demo Get a quote

Platform
- Overview
- Features
  - Risk ManagementManage all your business risks in one place
  - Asset ManagementDynamic asset management solution
  - Supply Chain ManagementEffortlessly integrate your supply chain
  - IntegrationsConnect with over 5,000 systems
  - HeadStartGet certified up to 5x faster
  - Assured Results MethodYour path to certification success
  - Virtual CoachYour always-on guide to ISO 27001
  - Explore All Features
Solutions
- Frameworks
  - ISO 27001The information security standard
  - ISO 42001The Artificial Intelligence standard
  - ISO 27701Data privacy for your business
  - ISO 22301Streamline your business continuity
  - ISO 9001Simplify your quality management
  - GDPRKeep on top of your data protection
  - NIS 2Strengthen your cybersecurity
  - All standards and regulations
- Experience Level
  - New to ISO 27001?Don’t worry, we’ve got you covered
  - Looking to improve your compliance?Switch to a platform that gives you complete control
  - Enterprise-level complianceManage all your compliance needs with ISMS.online
- Sectors
  - Healthcare
  - Legal
  - FinTech
  - Retail
  - Automotive
  - Logistics
  - Public Sector
  - Gambling
  - Communications
  - Aviation
Customers
Learn
Partners
- Become a Partner
  - Become a PartnerTeam up with ISMS.online and empower your customers to achieve effective, scalable information management success
- Types of Partner
  - Service PartnersMake compliance your competitive advantage
  - AuditorsStreamline your audit practice
  - Technology PartnersIntegrate your products with ISMS.online
- Partner Services
  - Partner DirectoryConnect with trusted compliance experts
Log in
Get a quote
Book a demo

ISO 27001 – 9: Performance Evaluation

close up,of,a,man's,hand,working,on,laptop

Section 9 – Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review

ISO 27001 Section 9.1 – Monitoring, measurement, analysis and evaluation

The ISO 27001 requires organisations to evaluate how the ISMS is performing and how effective the information security management system is.

For this you will need to:

decide what needs to be monitored;
agree on the methods you will use for monitoring and analysing;
when you will conduct the monitoring and measuring;
decide who will conduct the measurement;
decide when you will analyse the results of the measurement; and
who will be responsible for evaluating the results.

corporate,business,team,and,manager,in,a,meeting

ISO 27001 Section 9.2 – Internal audit

The International Standardisation Organisation will expect you to have carried out a number of planned internal audits of your information security management system. These audits will be reviewed independently by an external auditor at stage 2 of the accreditation.

These audits should ensure that the information security management system meets the goals and objectives of the business, as well as the requirements of ISO 27001.

Plan, establish, implement and maintain an audit programme
Define the scope and criteria
Appoint the internal auditors, ensuring objectivity and impartiality
Report results to the previously agreed staff member
Ensure all results and comments are documented in the information security management system

business,man,using,mobile,smart,phone,,busy,working,on,laptop

100% ISO 27001 success

Your simple, practical, time-saving path to first-time ISO 27001 compliance or certification

Assured Results Method

ISO 27001 Section 9.3 – Management review

It is the responsibility of senior management to conduct the management review for ISO 27001. These reviews should be pre-planned and often enough to ensure that the information security management system continues to be effective and achieves the aims of the business.

Management reviews should include:

Details of past management reviews with updated actions
Any changes to internal and external issues that concern information security
Feedback on any corrective actions, audit and measurement results
Interested parties
Risk assessment results
Continual improvements opportunities for the ISMS

blurred,image,,people,silhouette,collaborating,in,office,interior.,defocused,space

Trusted by companies everywhere

Simple and easy to use
Designed for ISO 27001 success
Saves you time and money

The proven path to ISO 27001 success

Built with everything you need to succeed with ease, and ready to use straight out of the box – no training required!

Policies

Perfect Policies & Controls

Easily collaborate, create and show you are on top of your documentation at all times

Risk-Management

Simple Risk Management

Effortlessly address threats & opportunities and dynamically report on performance

Reporting

Measurement & Automated Reporting

Make better decisions and show you are in control with dashboards, KPIs and related reporting

Audits

Audits, Actions & Reviews

Make light work of corrective actions, improvements, audits and management reviews

Linking

Mapping & Linking Work

Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers

Easy Asset Management

Select assets from the Asset Bank and create your Asset Inventory with ease

Seamless-Integration

Fast, Seamless Integration

Out of the box integrations with your other key business systems to simplify your compliance

Standards-Regulations

Other Standards & Regulations

Neatly add in other areas of compliance affecting your organisation to achieve even more

Compliance

Staff Compliance Assurance

Engage staff, suppliers and others with dynamic end-to-end compliance at all times

Supply-Chain

Supply Chain Management

Manage due diligence, contracts, contacts and relationships over their lifecycle

Interested-Parties

Interested Party Management

Visually map and manage interested parties to ensure their needs are clearly addressed

Privacy

Strong Privacy & Security

Strong privacy by design and security controls to match your needs & expectations

ISO 27001 requirements

4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the ISMS
4.4 Information security management system (ISMS)
5.1 Leadership and commitment
5.2 Information Security Policy
5.3 Organisational roles, responsibilities and authorities
6.1 Actions to address risks and opportunities
6.2 Information security objectives and planning to achieve them
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10.1 Nonconformity and corrective action
10.2 Continual improvement

ISO 27001 Annex A Controls

A.5 Information security policies
A.6 Organisation of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development, and maintenance
A.15 Supplier relationships
A.16 Information security incident management
A.17 Information security aspects of business continuity management
A.18 Compliance

About ISO 27001

« Req 8.3 – Information security risk treatment

Req 9.1 – Monitoring, measurement, analysis & evaluation »

100% of our users achieve ISO 27001 certification first time

Start your journey today

See how we can help you