While ISO 27001 defines what needs to be achieved to establish an ISMS, it does not explicitly detail the exact workflow processes required to run it day-to-day. ISO 27022 addresses this gap by outlining a process reference model. It describes the lifecycle, inputs, outputs, and governance of the core processes that make an ISMS functional, repeatable, and scalable.
Core Processes:
- Security policy management
- Requirements management
- Information security risk assessment
- Information security risk treatment
- Security implementation management
- Information security customer relationship management
- Process to control outsourced services
- Process to assure necessary awareness and competence
- Information security incident management
- Information security change management
- Internal audit
- Performance evaluation
- Information security improvement

Support Processes:
- Records control
- Resource management
- Communication
To remain compliant and resilient, an ISMS must constantly evaluate its own performance.
Offers conceptual models of how information security activities interact with broader corporate operations.
The most significant use is converting the requirements of ISO/IEC 27001 into actionable operational processes. The PRM shows how the clauses of ISO 27001 relate to specific, recurring activities.