High-Level Structure (HLS)
Definition
The common clause framework that ISO mandates for all its management system standards, defined in Annex SL of the ISO/IEC Directives and now officially called the Harmonized Structure. Clauses 4 through 10 of ISO/IEC 27001 (Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation, Improvement) follow the same structure as ISO 9001, ISO 14001, and ISO 22301, so an organisation can run an integrated management system without duplicating common elements such as context, leadership, and improvement. The information-security-specific requirements sit inside that shared structure, chiefly the risk assessment and risk treatment clauses (6.1.2 and 6.1.3) and the controls referenced in Annex A.
Related terms
- Annex A
- The normative annex to ISO/IEC 27001 that lists 93 information security controls across four themes: organisational (37 controls), people (8), physical (14),...
- Information Security Management System (ISMS)
- The set of policies, processes, procedures, and controls that an organisation establishes to manage information security risk. ISO 27001 specifies the requirements...
- ISO/IEC 27002
- A guidance standard (not certifiable) that provides implementation advice for each of the 93 controls in ISO 27001 Annex A. Updated in...
- Risk owner
- The individual or role accountable for ensuring a risk is treated appropriately and that the treatment remains effective. Owners should control the...
- Statement of Applicability (SoA)
- A mandatory document listing every ISO/IEC 27001 Annex A control with a statement of whether it is included or excluded, the justification...
Explained in
- ISO/IEC 27001: Standard Structure and Requirements