ISO 27001 · A.5 Organizational

A.5.1 Policies for information security

Define, approve, publish and review a set of information security policies.

Mapped across 10 provisions

Equivalent and related requirements in other frameworks and regulations.

NIST 800-53PartialOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
PM-1 Information security program plan
Governance & security policy
CCPA / CPRARelatedCurated
§1798.100 Consumers' right to know and notice at collection
Governance & security policy
DORARelatedCurated
Art. 6 ICT risk management framework
Governance & security policy
GDPRRelatedCurated
Art. 25 Data protection by design and by default
Governance & security policy
GLBARelatedCurated
§314.4(a) Designate a qualified individual
Governance & security policy
LGPDRelatedCurated
Art. 50 Good practices and governance rules
Governance & security policy
NIS2RelatedCurated
Art. 21(2)(a) Risk analysis and information system security policies
Governance & security policy
NIST CSF 2.0RelatedCurated
GV.OC-01 Organizational mission and security role understood
Governance & security policy
PCI DSSRelatedCurated
Req. 12 Support information security with organizational policies and programs
Governance & security policy
SOC 2RelatedCurated
CC1.1 Integrity and ethical values
Governance & security policy