Skip to main content
ISO_27001_CLAUSES is an array exported from src/store/clausesCatalog.js that defines the complete three-level hierarchy of ISO 27001:2022 Clauses 4–10. It is the structural backbone of the Clauses 4–10 module. 
import { ISO_27001_CLAUSES } from './store/clausesCatalog';

Data hierarchy

The catalog uses a three-level nesting structure: 
Clause  (e.g. "4 — Contexto de la organización")
└── Subclause  (e.g. "4.1 — Comprensión de la organización")
    └── Requirement  (e.g. "4.1.1 — Identificar factores internos/externos")
Conformance state is tracked at the requirement level using requirementId as the key in clauseStates.

Data shape

Clause

FieldTypeDescription
idstringClause number (e.g. '4')
namestringClause name
subclausesSubclause[]Child subclauses

Subclause

FieldTypeDescription
idstringSubclause number (e.g. '4.1')
namestringSubclause name
requirementsRequirement[]Child requirements

Requirement

FieldTypeDescription
idstringRequirement number (e.g. '4.1.1')
namestringRequirement name
// Example structure
{
  id: '4',
  name: 'Contexto de la organización',
  subclauses: [
    {
      id: '4.1',
      name: 'Comprensión de la organización y de su contexto',
      requirements: [
        { id: '4.1.1', name: 'Identificar factores internos/externos' }
      ]
    }
  ]
}

The seven clauses (4–10)

ISO 27001 Clauses 4–10 are normative — every requirement is mandatory for certification. The catalog covers all seven clauses:
ClauseNamePurpose in ISOwl
4Contexto de la organizaciónOrganisation context, interested parties, scope, and ISMS boundary
5LiderazgoTop management commitment, ISMS policy, and roles and responsibilities
6PlanificaciónRisk assessment, risk treatment, and information security objectives — includes the embedded Risk Management module
7SoporteResources, competence, awareness, communication, and documented information
8OperaciónOperational planning, risk treatment execution, and change management
9Evaluación del desempeñoMonitoring, measurement, internal audit, and management review
10MejoraNonconformity management, corrective action, and continual improvement
Clause 6 is the only clause with an embedded sub-module. When you expand Clause 6 in the Clauses page, the risk assessment form and heat map are rendered inline.

Helper functions

Three helper functions are exported alongside ISO_27001_CLAUSES to simplify requirement ID lookups.

getAllRequirementIds()

Returns every requirement ID across all clauses, subclauses, and requirements. Returns: string[] 
import { getAllRequirementIds } from './store/clausesCatalog';

const ids = getAllRequirementIds();
// ['4.1.1', '4.1.2', '4.2.1', ... all requirement IDs]
Used internally by compliance metric functions to count total requirements.

getClauseRequirementIds(clauseId)

Returns all requirement IDs that belong to a specific top-level clause.
ParameterTypeDescription
clauseIdstringClause identifier (e.g. '6')
Returns: string[] 
import { getClauseRequirementIds } from './store/clausesCatalog';

const ids = getClauseRequirementIds('6');
// All requirement IDs in Clause 6
Used by getClauseProgress(clauseId) in the store to calculate per-clause compliance.

getSubclauseRequirementIds(subId)

Returns all requirement IDs that belong to a specific subclause.
ParameterTypeDescription
subIdstringSubclause identifier (e.g. '6.1')
Returns: string[] 
import { getSubclauseRequirementIds } from './store/clausesCatalog';

const ids = getSubclauseRequirementIds('6.1');
// All requirement IDs in subclause 6.1
Used by getSubclauseProgress(subclauseId) to calculate progress at the subclause level.

How requirement IDs are used

Requirement IDs serve as the primary key for tracking conformance state in the store. The clauseStates map in the store is keyed by requirement ID: 
clauseStates: {
  '4.1.1': { status: 'Implementado', maturity: 3, owner: 'CISO', lastReviewDate: '2025-01-15', notes: '' },
  '4.1.2': { status: 'En progreso', maturity: 2, owner: 'IT Team', lastReviewDate: '', notes: '' },
  // ...
}
When you call updateRequirementState('4.1.1', { status: 'Implementado' }), the store merges the new data into clauseStates['4.1.1']. Valid status values are: 'No iniciado', 'En progreso', 'Implementado', 'No aplica'.

ISO 27001 standard

Background on ISO 27001:2022, the ISMS concept, and how each clause maps to ISOwl features.

Store reference

Full reference for updateRequirementState(), getRequirementState(), and the clauseStates field.

Clauses feature

User-facing documentation for the Clauses 4–10 module.

ISO controls

Reference for the complementary ISO_CONTROLS export used in Annex A.

Build docs developers (and LLMs) love

Get started for freeTalk to us