Class: InformationSecurityManagementSystem
Top-level container representing an organization's complete ISMS per ISO 27001. Aggregates all components required to support the full ISMS lifecycle.
URI: iso27001:InformationSecurityManagementSystem
```mermaid
classDiagram
    class InformationSecurityManagementSystem
    click InformationSecurityManagementSystem href "../InformationSecurityManagementSystem/"
    NamedEntity <|-- InformationSecurityManagementSystem
    click NamedEntity href "../NamedEntity/"
    InformationSecurityManagementSystem : awareness_program
    InformationSecurityManagementSystem --> "0..1" AwarenessProgram : awareness_program
    click AwarenessProgram href "../AwarenessProgram/"
    InformationSecurityManagementSystem : certification_body
    InformationSecurityManagementSystem : certification_date
    InformationSecurityManagementSystem : certification_status
    InformationSecurityManagementSystem : communication_plan
    InformationSecurityManagementSystem --> "0..1" CommunicationPlan : communication_plan
    click CommunicationPlan href "../CommunicationPlan/"
    InformationSecurityManagementSystem : competence_records
    InformationSecurityManagementSystem --> "*" CompetenceRecord : competence_records
    click CompetenceRecord href "../CompetenceRecord/"
    InformationSecurityManagementSystem : context_external_issues
    InformationSecurityManagementSystem : context_internal_issues
    InformationSecurityManagementSystem : controls
    InformationSecurityManagementSystem --> "*" SecurityControl : controls
    click SecurityControl href "../SecurityControl/"
    InformationSecurityManagementSystem : corrective_actions
    InformationSecurityManagementSystem --> "*" CorrectiveAction : corrective_actions
    click CorrectiveAction href "../CorrectiveAction/"
    InformationSecurityManagementSystem : created_date
    InformationSecurityManagementSystem : description
    InformationSecurityManagementSystem : documented_information_register
    InformationSecurityManagementSystem --> "*" DocumentedInformation : documented_information_register
    click DocumentedInformation href "../DocumentedInformation/"
    InformationSecurityManagementSystem : id
    InformationSecurityManagementSystem : improvements
    InformationSecurityManagementSystem --> "*" ImprovementOpportunity : improvements
    click ImprovementOpportunity href "../ImprovementOpportunity/"
    InformationSecurityManagementSystem : information_security_policy
    InformationSecurityManagementSystem --> "0..1" InformationSecurityPolicy : information_security_policy
    click InformationSecurityPolicy href "../InformationSecurityPolicy/"
    InformationSecurityManagementSystem : interested_parties
    InformationSecurityManagementSystem --> "*" InterestedParty : interested_parties
    click InterestedParty href "../InterestedParty/"
    InformationSecurityManagementSystem : internal_audits
    InformationSecurityManagementSystem --> "*" InternalAudit : internal_audits
    click InternalAudit href "../InternalAudit/"
    InformationSecurityManagementSystem : management_reviews
    InformationSecurityManagementSystem --> "*" ManagementReview : management_reviews
    click ManagementReview href "../ManagementReview/"
    InformationSecurityManagementSystem : modified_date
    InformationSecurityManagementSystem : monitoring_program
    InformationSecurityManagementSystem --> "0..1" MonitoringProgram : monitoring_program
    click MonitoringProgram href "../MonitoringProgram/"
    InformationSecurityManagementSystem : name
    InformationSecurityManagementSystem : nonconformities
    InformationSecurityManagementSystem --> "*" Nonconformity : nonconformities
    click Nonconformity href "../Nonconformity/"
    InformationSecurityManagementSystem : objectives
    InformationSecurityManagementSystem --> "*" InformationSecurityObjective : objectives
    click InformationSecurityObjective href "../InformationSecurityObjective/"
    InformationSecurityManagementSystem : operational_procedures
    InformationSecurityManagementSystem --> "*" OperationalProcedure : operational_procedures
    click OperationalProcedure href "../OperationalProcedure/"
    InformationSecurityManagementSystem : organization
    InformationSecurityManagementSystem --> "0..1" Organization : organization
    click Organization href "../Organization/"
    InformationSecurityManagementSystem : recertification_date
    InformationSecurityManagementSystem : resources
    InformationSecurityManagementSystem --> "*" Resource : resources
    click Resource href "../Resource/"
    InformationSecurityManagementSystem : risk_assessment_process
    InformationSecurityManagementSystem --> "0..1" RiskAssessmentProcess : risk_assessment_process
    click RiskAssessmentProcess href "../RiskAssessmentProcess/"
    InformationSecurityManagementSystem : risk_assessments
    InformationSecurityManagementSystem --> "*" RiskAssessment : risk_assessments
    click RiskAssessment href "../RiskAssessment/"
    InformationSecurityManagementSystem : risk_treatment_plans
    InformationSecurityManagementSystem --> "*" RiskTreatmentPlan : risk_treatment_plans
    click RiskTreatmentPlan href "../RiskTreatmentPlan/"
    InformationSecurityManagementSystem : risk_treatment_process
    InformationSecurityManagementSystem --> "0..1" RiskTreatmentProcess : risk_treatment_process
    click RiskTreatmentProcess href "../RiskTreatmentProcess/"
    InformationSecurityManagementSystem : roles
    InformationSecurityManagementSystem --> "*" Role : roles
    click Role href "../Role/"
    InformationSecurityManagementSystem : scope_boundaries
    InformationSecurityManagementSystem : scope_exclusions
    InformationSecurityManagementSystem : scope_statement
    InformationSecurityManagementSystem : statement_of_applicability
    InformationSecurityManagementSystem --> "0..1" StatementOfApplicability : statement_of_applicability
    click StatementOfApplicability href "../StatementOfApplicability/"
    InformationSecurityManagementSystem : version
```
Inheritance
- NamedEntity
    - InformationSecurityManagementSystem
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| organization | 0..1 Organization | Reference to the organization operating the ISMS | direct |
| scope_statement | 0..1 String | Documented statement of ISMS scope per 4.3 | direct |
| scope_boundaries | * String | Defined boundaries of the ISMS scope | direct |
| scope_exclusions | * String | Any exclusions from scope with justification | direct |
| context_internal_issues | * String | Internal issues relevant to ISMS per 4.1 | direct |
| context_external_issues | * String | External issues relevant to ISMS per 4.1 | direct |
| interested_parties | * InterestedParty | Stakeholders relevant to the ISMS | direct |
| information_security_policy | 0..1 InformationSecurityPolicy | Reference to the information security policy | direct |
| objectives | * InformationSecurityObjective | Information security objectives | direct |
| risk_assessment_process | 0..1 RiskAssessmentProcess | Reference to the risk assessment process | direct |
| risk_treatment_process | 0..1 RiskTreatmentProcess | Reference to the risk treatment process | direct |
| statement_of_applicability | 0..1 StatementOfApplicability | Reference to the Statement of Applicability | direct |
| controls | * SecurityControl | Security controls applied in the ISMS | direct |
| roles | * Role | Information security roles defined in the ISMS | direct |
| resources | * Resource | Resources provided for the ISMS | direct |
| competence_records | * CompetenceRecord | Competence records for personnel | direct |
| awareness_program | 0..1 AwarenessProgram | Reference to the awareness program | direct |
| communication_plan | 0..1 CommunicationPlan | Reference to the communication plan | direct |
| documented_information_register | * DocumentedInformation | Register of documented information | direct |
| operational_procedures | * OperationalProcedure | Operational procedures | direct |
| risk_assessments | * RiskAssessment | Risk assessment instances | direct |
| risk_treatment_plans | * RiskTreatmentPlan | Risk treatment plans | direct |
| monitoring_program | 0..1 MonitoringProgram | Reference to the monitoring program | direct |
| internal_audits | * InternalAudit | Internal audit instances | direct |
| management_reviews | * ManagementReview | Management review instances | direct |
| nonconformities | * Nonconformity | Nonconformities identified | direct |
| corrective_actions | * CorrectiveAction | Corrective actions | direct |
| improvements | * ImprovementOpportunity | Improvement opportunities tracked | direct |
| certification_status | 0..1 String | Current certification status | direct |
| certification_body | 0..1 String | Accredited certification body | direct |
| certification_date | 0..1 Date | Date certification was achieved | direct |
| recertification_date | 0..1 Date | Date recertification is due | direct |
| id | 1 Uriorcurie | Unique identifier for this entity instance | NamedEntity |
| name | 1 String | Human-readable name or title | NamedEntity |
| description | 0..1 String | Detailed description of the entity | NamedEntity |
| created_date | 0..1 Date | Date when the entity was created | NamedEntity |
| modified_date | 0..1 Date | Date when the entity was last modified | NamedEntity |
| version | 0..1 String | Version identifier for the entity | NamedEntity |
In Subsets
- isms_core
Comments
- This is the root entity for any ISMS conformance dataset
- Aggregates ISMS processes and their relationships
- Includes explicit scope metadata and related governance artifacts
- Reference: ISO/IEC 27001:2022 Clause 4.4. ISO/IEC standards text is copyright ISO - not reproduced here.
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| iso27001_clause | 4.4 |
| mandatory | true |
Schema Source
- from schema: https://w3id.org/lmodel/iso27001
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | iso27001:InformationSecurityManagementSystem |
| native | iso27001:InformationSecurityManagementSystem |
| related | cis_controls:CISControlsDocument |
LinkML Source
Direct
```yaml
name: InformationSecurityManagementSystem
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: '4.4'
  mandatory:
    tag: mandatory
    value: 'true'
description: Top-level container representing an organization's complete ISMS per
  ISO 27001. Aggregates all components required to support the full ISMS lifecycle.
comments:
- This is the root entity for any ISMS conformance dataset
- Aggregates ISMS processes and their relationships
- Includes explicit scope metadata and related governance artifacts
- 'Reference: ISO/IEC 27001:2022 Clause 4.4. ISO/IEC standards text is copyright ISO
  - not reproduced here.'
in_subset:
- isms_core
from_schema: https://w3id.org/lmodel/iso27001
related_mappings:
- cis_controls:CISControlsDocument
is_a: NamedEntity
slots:
- organization
- scope_statement
- scope_boundaries
- scope_exclusions
- context_internal_issues
- context_external_issues
- interested_parties
- information_security_policy
- objectives
- risk_assessment_process
- risk_treatment_process
- statement_of_applicability
- controls
- roles
- resources
- competence_records
- awareness_program
- communication_plan
- documented_information_register
- operational_procedures
- risk_assessments
- risk_treatment_plans
- monitoring_program
- internal_audits
- management_reviews
- nonconformities
- corrective_actions
- improvements
- certification_status
- certification_body
- certification_date
- recertification_date
```
Induced
```yaml
name: InformationSecurityManagementSystem
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: '4.4'
  mandatory:
    tag: mandatory
    value: 'true'
description: Top-level container representing an organization's complete ISMS per
  ISO 27001. Aggregates all components required to support the full ISMS lifecycle.
comments:
- This is the root entity for any ISMS conformance dataset
- Aggregates ISMS processes and their relationships
- Includes explicit scope metadata and related governance artifacts
- 'Reference: ISO/IEC 27001:2022 Clause 4.4. ISO/IEC standards text is copyright ISO
  - not reproduced here.'
in_subset:
- isms_core
from_schema: https://w3id.org/lmodel/iso27001
related_mappings:
- cis_controls:CISControlsDocument
is_a: NamedEntity
attributes:
  organization:
    name: organization
    description: Reference to the organization operating the ISMS.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: organization
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: Organization
  scope_statement:
    name: scope_statement
    annotations:
      iso27001_clause:
        tag: iso27001_clause
        value: '4.3'
    description: Documented statement of ISMS scope per 4.3.
    comments:
    - Available as documented information
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: scope_statement
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
  scope_boundaries:
    name: scope_boundaries
    description: Defined boundaries of the ISMS scope.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: scope_boundaries
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
    multivalued: true
  scope_exclusions:
    name: scope_exclusions
    description: Any exclusions from scope with justification.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: scope_exclusions
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
    multivalued: true
  context_internal_issues:
    name: context_internal_issues
    description: Internal issues relevant to ISMS per 4.1.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: context_internal_issues
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
    multivalued: true
  context_external_issues:
    name: context_external_issues
    description: External issues relevant to ISMS per 4.1.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: context_external_issues
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
    multivalued: true
  interested_parties:
    name: interested_parties
    annotations:
      iso27001_clause:
        tag: iso27001_clause
        value: '4.2'
    description: Stakeholders relevant to the ISMS.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: interested_parties
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: InterestedParty
    multivalued: true
  information_security_policy:
    name: information_security_policy
    annotations:
      iso27001_clause:
        tag: iso27001_clause
        value: '5.2'
    description: Reference to the information security policy.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: information_security_policy
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: InformationSecurityPolicy
  objectives:
    name: objectives
    description: Information security objectives.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: objectives
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: InformationSecurityObjective
    multivalued: true
  risk_assessment_process:
    name: risk_assessment_process
    description: Reference to the risk assessment process.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risk_assessment_process
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: RiskAssessmentProcess
  risk_treatment_process:
    name: risk_treatment_process
    description: Reference to the risk treatment process.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risk_treatment_process
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: RiskTreatmentProcess
  statement_of_applicability:
    name: statement_of_applicability
    description: Reference to the Statement of Applicability.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: statement_of_applicability
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: StatementOfApplicability
  controls:
    name: controls
    description: Security controls applied in the ISMS.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: controls
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: SecurityControl
    multivalued: true
  roles:
    name: roles
    description: Information security roles defined in the ISMS.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: roles
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: Role
    multivalued: true
  resources:
    name: resources
    description: Resources provided for the ISMS.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: resources
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: Resource
    multivalued: true
  competence_records:
    name: competence_records
    description: Competence records for personnel.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: competence_records
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: CompetenceRecord
    multivalued: true
  awareness_program:
    name: awareness_program
    description: Reference to the awareness program.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: awareness_program
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: AwarenessProgram
  communication_plan:
    name: communication_plan
    description: Reference to the communication plan.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: communication_plan
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: CommunicationPlan
  documented_information_register:
    name: documented_information_register
    description: Register of documented information.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: documented_information_register
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: DocumentedInformation
    multivalued: true
  operational_procedures:
    name: operational_procedures
    description: Operational procedures.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: operational_procedures
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: OperationalProcedure
    multivalued: true
  risk_assessments:
    name: risk_assessments
    description: Risk assessment instances.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risk_assessments
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: RiskAssessment
    multivalued: true
  risk_treatment_plans:
    name: risk_treatment_plans
    description: Risk treatment plans.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risk_treatment_plans
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: RiskTreatmentPlan
    multivalued: true
  monitoring_program:
    name: monitoring_program
    description: Reference to the monitoring program.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: monitoring_program
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: MonitoringProgram
  internal_audits:
    name: internal_audits
    description: Internal audit instances.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: internal_audits
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: InternalAudit
    multivalued: true
  management_reviews:
    name: management_reviews
    description: Management review instances.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: management_reviews
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: ManagementReview
    multivalued: true
  nonconformities:
    name: nonconformities
    description: Nonconformities identified.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: nonconformities
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: Nonconformity
    multivalued: true
  corrective_actions:
    name: corrective_actions
    description: Corrective actions.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: corrective_actions
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: CorrectiveAction
    multivalued: true
  improvements:
    name: improvements
    description: Improvement opportunities tracked.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: improvements
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: ImprovementOpportunity
    multivalued: true
  certification_status:
    name: certification_status
    description: Current certification status.
    examples:
    - value: not_certified
    - value: in_progress
    - value: certified
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: certification_status
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
  certification_body:
    name: certification_body
    description: Accredited certification body.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: certification_body
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: string
  certification_date:
    name: certification_date
    description: Date certification was achieved.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: certification_date
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: date
  recertification_date:
    name: recertification_date
    description: Date recertification is due.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: recertification_date
    owner: InformationSecurityManagementSystem
    domain_of:
    - InformationSecurityManagementSystem
    range: date
  id:
    name: id
    description: Unique identifier for this entity instance.
    comments:
    - Should use consistent URI/CURIE format across the dataset
    examples:
    - value: iso27001:risk-001
    - value: iso27001:control-5.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    identifier: true
    alias: id
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: uriorcurie
    required: true
  name:
    name: name
    description: Human-readable name or title.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: name
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: string
    required: true
  description:
    name: description
    description: Detailed description of the entity.
    comments:
    - Should provide sufficient detail for understanding without external reference
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: description
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: string
  created_date:
    name: created_date
    description: Date when the entity was created.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: created_date
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: date
  modified_date:
    name: modified_date
    description: Date when the entity was last modified.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: modified_date
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: date
  version:
    name: version
    description: Version identifier for the entity.
    comments:
    - Supports document control requirements per 7.5.3 e)
    examples:
    - value: '1.0'
    - value: 2.3.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: version
    owner: InformationSecurityManagementSystem
    domain_of:
    - NamedEntity
    range: string
```