This document defines a process reference model (PRM) for the domain of information securitymanagement, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (seeAnnex A). It is intended to guide users of ISO/IEC 27001 to:
— incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;— be aligned to all the work done within other standards of the ISO/IEC 27000 family from theperspective of the operation of ISMS processes— support users in the operation of an ISMS ? this document is complementing the requirements-orientedperspective of ISO/IEC 27003 with an operational, process-oriented point of view.
