| InterestedParty |
A stakeholder whose needs and expectations are relevant to the ISMS per 4 |
no |
| NamedEntity |
Abstract base class for all entities with an identifier, name, and descriptio... |
yes |
| OperationalProcedure |
A documented procedure for operational planning and control per Clause 8 |
no |
| InternalAudit |
An internal audit instance per Clause 9 |
no |
| MonitoringProgram |
The program for monitoring, measurement, analysis, and evaluation per Clause ... |
no |
| RiskAssessmentProcess |
The documented risk assessment process per Clause 6 |
no |
| TopicSpecificPolicy |
A policy addressing a specific information security topic, supporting the ove... |
no |
| Risk |
An identified information security risk that may affect information security ... |
no |
| AuditFinding |
A finding from an internal audit, including nonconformities, observations, an... |
no |
| ImprovementOpportunity |
An opportunity for continual improvement per Clause 10 |
no |
| ManagementReview |
A management review per Clause 9 |
no |
| Nonconformity |
A nonconformity identified per Clause 10 |
no |
| InformationSecurityObjective |
A measurable information security objective per Clause 6 |
no |
| InformationSecurityPolicy |
The information security policy established by top management per Clause 5 |
no |
| Asset |
An information asset or associated asset requiring protection, per Annex A co... |
no |
| StatementOfApplicability |
The Statement of Applicability (SoA) recording which controls apply, their ra... |
no |
| InformationSecurityIncident |
An information security incident per A |
no |
| DocumentedInformation |
Abstract class for documented information per Clause 7 |
no |
| RiskTreatmentProcess |
The documented risk treatment process per Clause 6 |
no |
| CompetenceRecord |
Evidence of competence for personnel affecting information security performan... |
no |
| AuditProgramme |
The internal audit programme per 9 |
no |
| RiskAssessment |
An instance of risk assessment performed per Clause 8 |
no |
| CommunicationPlan |
Plan for internal and external communications relevant to the ISMS per Clause... |
no |
| InformationSecurityEvent |
An information security event per A |
no |
| InformationSecurityManagementSystem |
Top-level container representing an organization's complete ISMS per ISO 2700... |
no |
| AwarenessProgram |
The awareness program ensuring personnel understand their information securit... |
no |
| RiskTreatmentPlan |
A risk treatment plan documenting planned actions to address identified risks... |
no |
| SecurityControl |
A security control from Annex A of ISO/IEC 27001:2022, derived from ISO/IEC 2... |
no |
| Organization |
The organization establishing and operating the ISMS |
no |
| Resource |
A resource provided for the ISMS per Clause 7 |
no |
| CorrectiveAction |
A corrective action per Clause 10 |
no |
| Role |
An information security role with defined responsibilities and authorities pe... |
no |