ISO 27001:2022 Structure Diagram

Note: For the best viewing experience, we recommend using a desktop device to explore this diagram.
ISO 27001:2022 as JSON
{
  "name": "ISO 27001:2022",
  "children": [
    {
      "name": "0. Introduction"
    },
    {
      "name": "1. Scope"
    },
    {
      "name": "2. Normative references"
    },
    {
      "name": "3. Terms and definitions"
    },
    {
      "name": "4. Context of the organization",
      "children": [
        {
          "name": "4.1 Understanding the organization and its context"
        },
        {
          "name": "4.2 Understanding the needs and expectations of interested parties"
        },
        {
          "name": "4.3 Determining the scope of the information security management system"
        },
        {
          "name": "4.4 Information security management system"
        }
      ]
    },
    {
      "name": "5. Leadership",
      "children": [
        {
          "name": "5.1 Leadership and commitment"
        },
        {
          "name": "5.2 Policy"
        },
        {
          "name": "5.3 Organizational roles, responsibilities and authorities"
        }
      ]
    },
    {
      "name": "6. Planning",
      "children": [
        {
          "name": "6.1 Actions to address risks and opportunities",
          "children": [
            {
              "name": "6.1.1 General"
            },
            {
              "name": "6.1.2 Information security risk assessment"
            },
            {
              "name": "6.1.3 Information security risk treatment"
            }
          ]
        },
        {
          "name": "6.2 Information security objectives and planning to achieve them"
        }
      ]
    },
    {
      "name": "7. Support",
      "children": [
        {
          "name": "7.1 Resources"
        },
        {
          "name": "7.2 Competence"
        },
        {
          "name": "7.3 Awareness"
        },
        {
          "name": "7.4 Communication"
        },
        {
          "name": "7.5 Documented information",
          "children": [
            {
              "name": "7.5.1 General"
            },
            {
              "name": "7.5.2 Creating and updating"
            },
            {
              "name": "7.5.3 Control of documented information"
            }
          ]
        }
      ]
    },
    {
      "name": "8. Operation",
      "children": [
        {
          "name": "8.1 Operational planning and control"
        },
        {
          "name": "8.2 Information security risk assessment"
        },
        {
          "name": "8.3 Information security risk treatment"
        }
      ]
    },
    {
      "name": "9. Performance evaluation",
      "children": [
        {
          "name": "9.1 Monitoring, measurement, analysis and evaluation"
        },
        {
          "name": "9.2 Internal audit",
          "children": [
            {
              "name": "9.2.1 General"
            },
            {
              "name": "9.2.2 Internal audit programme"
            }
          ]
        },
        {
          "name": "9.3 Management review",
          "children": [
            {
              "name": "9.3.1 General"
            },
            {
              "name": "9.3.2 Management review inputs"
            },
            {
              "name": "9.3.3 Management review results"
            }
          ]
        }
      ]
    },
    {
      "name": "10. Improvement",
      "children": [
        {
          "name": "10.1 Continual improvement"
        },
        {
          "name": "10.2 Nonconformity and corrective action"
        }
      ]
    },
    {
      "name": "Annex A (normative) Information security controls reference"
    }
  ]
}