Glossary definition: ISO/IEC 27001 Mandatory Clauses

ISO/IEC 27001: Mandatory Clauses for Information Security

ISO/IEC 27001 Mandatory Clauses are the minimum requirements for an Information Security Management System (ISMS) that an organization must meet to achieve certification. The clauses are divided into two parts: the Statement of Applicability (SOA) and Annex A (Controls). The SOA states the scope of the ISMS, the security objectives, and the controls that apply to the organization. Annex A provides the detailed requirements for each control, including its purpose, objectives, and implementation guidance. The ISO/IEC 27001 Mandatory Clauses are designed to ensure that an organization can effectively protect the confidentiality, integrity, and availability of its information assets.