ISO 27001

The International Standards Oganization [ISO] Certification for Information Security Management System [ISMS]: ISO 27001

Control objective: to control access to information

PDF 11.1 Business Requirement For Access Control

    11.1.1 Access control policy


10.1. Operational Procedures & Responsibilities

    PDF 10.1.1 Documented operating procedures
    Operating procedures have been documented, are maintained and are made available to all users who need them

Control objective: to prevent unauthorized physical access, damage and interference to the organization premises and information.

PDF 9.1 Secure Areas

    9.1.1 Physical security perimeter

    The Organization uses security perimeters to protect areas that contain information and information processing facilities.

Control objective: to ensure that all employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.

PDF 8.1 Prior to Employment

    8.1.1 Roles and responsibilities

Control objective: to achieve and maintain appropriate protection of organizational assets.

PDF 7.1.Responsibility for Asset

    7.1.1 Inventory of assets

6 Organisation of Information Security

6.1 Internal Organisation

PDF Control objective: management of information security within the Organisation and establishment of a management framework for the initiation, implementation and control of the ISMS.

    6.1.1 Management commitment to information security

5 PDF Information Security Policy
Control objective: The organization provides management direction and support for information security in accordance with business requirements and relevant laws and regulations of the Kingdom of Bahrain.

    5.1.1 Information security policy document

PDF 3.1 The PLAN Phase – Establish the ISMS

    3.1 a) The Organisation defined the scope of the ISMS in Section 1.

    3.1 b) The Organisation has defined its information security policy, which is set out in Section 5, to apply throughout the Organisation as defined in the scope (Section 1 above). The policy includes:

2.1 Constituents

PDF The Organisation’s ISMS documentation consists of: