The management procedures deal with the operational processes that characterize the typical activity of the organization, also called primary processes and support processes.
The operational processes that fall within the scope of this management system are the following and are reported, with their original name, by the corresponding procedures drawn up, applied and to be kept in the organization:
Requirements
Design
Outsourcing
Production
Preservation
Non-compliant output control
The scope of application of this management system also includes support processes concerning personnel, resources, analysis and monitoring, audits, and reviews and which are also reported in the corresponding procedures:
Context monitoring
Staff organization
Risk and opportunity management
Goals
Asset management
People and skills
Communication
Documented information
Monitoring, measurement and analysis
Internal Audits
Management review
Non-conformities and corrective actions
Continuous improvement
Within the same procedures, in relation to the risks and their extent, the security controls indicated in Annex A of the ISO 27001: 2017 standard and described in the “Information Security Plan” have been integrated