LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How would you describe the ISO 27001 approach to building an ISMS in one paragraph?

Document everything, secure full management support, understand context and set IS objectives, identify the situation and evaluate it against goals, change & verify, then teach the leadership and start over.

A memorable condensed list:

  1. Merke Dir: nur was dokumentiert ist, ist wirklich passiert — undocumented work is invisible to auditors.
  2. Sichere die volle Unterstützung der Führung — mandate and resources.
  3. Erkenne dein Umfeld und setze Informationssicherheits-Ziele.
  4. Identifiziere deine Situation und bewerte sie im Bezug auf die Ziele.
  5. Ändere, wo nötig, und prüfe wie gut du dich vorwärtsbewegst.
  6. Unterrichte die Führung und fang von vorne an.

Step 6 closes the PDCA loop and feeds back into Step 1.

Worth remembering: "Ein Ziel kann strategisch, taktisch oder operativ sein" — IS goals have to live at all three layers.

Tip: Auditors love documentation, but documentation without behaviour change is theatre. The hardest part of ISO 27001 isn't writing the policies — it's getting people to actually follow them.

Go deeper:

  • doc ISO/IEC 27001 — the ISMS requirements standard: risk-based controls, management commitment, documentation and certification.

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026