Scoping – consideration of internal/external issues, as well as interested parties
Leadership – support from top management regarding resources, communication, and aligning the management system’s objectives with the organization’s overall business objectives
Human resources support – confirmation of adequate support for the implementation and ongoing maintenance of the management systems
Document management – documentation process and procedure for management system documentation
Internal audit – confirmation that an independent and objective review of the management system is performed
Measurement and monitoring – confirmation that the operations of the management system are monitored
Management review – evidence that relevant management personnel review the ongoing performance, continued suitability, adequacy, and effectiveness of the management system
Continual improvement – ongoing and forward-thinking effort to improve the overall management system
ISO 9001
Objective: To maintain the expected quality standards in the organization
Does not require a Statement of Applicability
ISO 27001
Objective: To provide requirements for establishing, implementing, maintaining and continuously improving an ISMS
Utilizes controls from ISO 27002 to support its ISMS