Skip to content

Class: TopicSpecificPolicy

A policy addressing a specific information security topic, supporting the overarching information security policy.

URI: iso27001:TopicSpecificPolicy

 classDiagram
    class TopicSpecificPolicy
    click TopicSpecificPolicy href "../TopicSpecificPolicy/"
      DocumentedInformation <|-- TopicSpecificPolicy
        click DocumentedInformation href "../DocumentedInformation/"

      TopicSpecificPolicy : applicable_controls





        TopicSpecificPolicy --> "*" SecurityControl : applicable_controls
        click SecurityControl href "../SecurityControl/"



      TopicSpecificPolicy : approved_by

      TopicSpecificPolicy : approved_date

      TopicSpecificPolicy : author

      TopicSpecificPolicy : classification

      TopicSpecificPolicy : created_date

      TopicSpecificPolicy : description

      TopicSpecificPolicy : document_reference

      TopicSpecificPolicy : document_type





        TopicSpecificPolicy --> "0..1" DocumentType : document_type
        click DocumentType href "../DocumentType/"



      TopicSpecificPolicy : effective_date

      TopicSpecificPolicy : id

      TopicSpecificPolicy : modified_date

      TopicSpecificPolicy : name

      TopicSpecificPolicy : owner

      TopicSpecificPolicy : parent_policy





        TopicSpecificPolicy --> "0..1" InformationSecurityPolicy : parent_policy
        click InformationSecurityPolicy href "../InformationSecurityPolicy/"



      TopicSpecificPolicy : retention_period

      TopicSpecificPolicy : review_date

      TopicSpecificPolicy : status

      TopicSpecificPolicy : target_audience

      TopicSpecificPolicy : topic_area

      TopicSpecificPolicy : version

Inheritance

Slots

Name Cardinality and Range Description Inheritance
topic_area 0..1
String		 The specific topic addressed by the policy direct
parent_policy 0..1
InformationSecurityPolicy		 The parent policy this topic-specific policy supports direct
applicable_controls *
SecurityControl		 Controls related to this policy direct
target_audience 0..1
String		 Intended audience for the policy or document direct
document_type 0..1
DocumentType		 Classification of the documented information DocumentedInformation
document_reference 0..1
String		 Unique reference number for document control DocumentedInformation
author 0..1
String		 Person who created the document DocumentedInformation
owner 0..1
String		 Person accountable for the document content and maintenance DocumentedInformation
approved_by 0..1
String		 Person who approved the document DocumentedInformation
approved_date 0..1
Date		 Date when the document was approved DocumentedInformation
effective_date 0..1
Date		 Date when the document becomes effective DocumentedInformation
review_date 0..1
Date		 Date when the document is due for review DocumentedInformation
status 0..1
String		 Current status of the document or entity DocumentedInformation
classification 0..1
String		 Information classification level DocumentedInformation
retention_period 0..1
DurationType		 Duration for which the document is retained DocumentedInformation
id 1
Uriorcurie		 Unique identifier for this entity instance NamedEntity
name 1
String		 Human-readable name or title NamedEntity
description 0..1
String		 Detailed description of the entity NamedEntity
created_date 0..1
Date		 Date when the entity was created NamedEntity
modified_date 0..1
Date		 Date when the entity was last modified NamedEntity
version 0..1
String		 Version identifier for the entity NamedEntity

Usages

used by used in type used
InformationSecurityPolicy related_topic_policies range TopicSpecificPolicy

In Subsets

Comments

  • Examples include access control policy, cryptography policy, backup policy
  • Referenced throughout Annex A controls

Identifier and Mapping Information

Annotations

property value
annex_a_reference 5.1

Schema Source

  • from schema: https://w3id.org/lmodel/iso27001

Mappings

Mapping Type Mapped Value
self iso27001:TopicSpecificPolicy
native iso27001:TopicSpecificPolicy

LinkML Source

Direct

name: TopicSpecificPolicy
annotations:
  annex_a_reference:
    tag: annex_a_reference
    value: '5.1'
description: A policy addressing a specific information security topic, supporting
  the overarching information security policy.
comments:
- Examples include access control policy, cryptography policy, backup policy
- Referenced throughout Annex A controls
in_subset:
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
slots:
- topic_area
- parent_policy
- applicable_controls
- target_audience

Induced

name: TopicSpecificPolicy
annotations:
  annex_a_reference:
    tag: annex_a_reference
    value: '5.1'
description: A policy addressing a specific information security topic, supporting
  the overarching information security policy.
comments:
- Examples include access control policy, cryptography policy, backup policy
- Referenced throughout Annex A controls
in_subset:
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
attributes:
  topic_area:
    name: topic_area
    description: The specific topic addressed by the policy.
    examples:
    - value: Access Control
    - value: Cryptography
    - value: Backup
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: topic_area
    owner: TopicSpecificPolicy
    domain_of:
    - TopicSpecificPolicy
    range: string
  parent_policy:
    name: parent_policy
    description: The parent policy this topic-specific policy supports.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: parent_policy
    owner: TopicSpecificPolicy
    domain_of:
    - TopicSpecificPolicy
    range: InformationSecurityPolicy
  applicable_controls:
    name: applicable_controls
    description: Controls related to this policy.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: applicable_controls
    owner: TopicSpecificPolicy
    domain_of:
    - TopicSpecificPolicy
    - Asset
    range: SecurityControl
    multivalued: true
  target_audience:
    name: target_audience
    description: Intended audience for the policy or document.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: target_audience
    owner: TopicSpecificPolicy
    domain_of:
    - TopicSpecificPolicy
    - AwarenessProgram
    range: string
  document_type:
    name: document_type
    description: Classification of the documented information.
    in_subset:
    - documented_information
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: document_type
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: DocumentType
  document_reference:
    name: document_reference
    description: Unique reference number for document control.
    comments:
    - Per 7.5.2 a) identification and description
    examples:
    - value: ISMS-POL-001
    - value: RA-2024-003
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: document_reference
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: string
  author:
    name: author
    description: Person who created the document.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: author
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: string
  owner:
    name: owner
    description: Person accountable for the document content and maintenance.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: owner
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: string
  approved_by:
    name: approved_by
    description: Person who approved the document.
    comments:
    - Per 7.5.2 c) review and approval
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: approved_by
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    - StatementOfApplicability
    range: string
  approved_date:
    name: approved_date
    description: Date when the document was approved.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: approved_date
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    - RiskTreatmentPlan
    range: date
  effective_date:
    name: effective_date
    description: Date when the document becomes effective.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: effective_date
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: date
  review_date:
    name: review_date
    description: Date when the document is due for review.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: review_date
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    - ManagementReview
    range: date
  status:
    name: status
    description: Current status of the document or entity.
    comments:
    - Examples include draft, approved, active, superseded, archived
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: status
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    - Nonconformity
    - CorrectiveAction
    - ImprovementOpportunity
    range: string
  classification:
    name: classification
    description: Information classification level.
    comments:
    - Per A.5.12, classification based on confidentiality, integrity, availability
    examples:
    - value: confidential
    - value: internal
    - value: public
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: classification
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    - Asset
    range: string
  retention_period:
    name: retention_period
    description: Duration for which the document is retained.
    comments:
    - Per 7.5.3 f) retention and disposition
    - Use ISO 8601 duration notation such as P1Y or P90D
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: retention_period
    owner: TopicSpecificPolicy
    domain_of:
    - DocumentedInformation
    range: duration type
  id:
    name: id
    description: Unique identifier for this entity instance.
    comments:
    - Should use consistent URI/CURIE format across the dataset
    examples:
    - value: iso27001:risk-001
    - value: iso27001:control-5.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    identifier: true
    alias: id
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: uriorcurie
    required: true
  name:
    name: name
    description: Human-readable name or title.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: name
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: string
    required: true
  description:
    name: description
    description: Detailed description of the entity.
    comments:
    - Should provide sufficient detail for understanding without external reference
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: description
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: string
  created_date:
    name: created_date
    description: Date when the entity was created.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: created_date
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: date
  modified_date:
    name: modified_date
    description: Date when the entity was last modified.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: modified_date
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: date
  version:
    name: version
    description: Version identifier for the entity.
    comments:
    - Supports document control requirements per 7.5.3 e)
    examples:
    - value: '1.0'
    - value: 2.3.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: version
    owner: TopicSpecificPolicy
    domain_of:
    - NamedEntity
    range: string