Documenting processes in the ISMS
Please note that ISO 27001 does not require "mapping" or documenting of each and every process in the Information Security Management System (ISMS) scope.
For example, the HR process does not need to be documented, but if you decide to write it, you only need to document it to the level necessary for the people using it to perform their jobs correctly and securely.
For example, the documentation detail level for experienced personnel will be much lower than for novice personnel.
These articles will provide you with further explanation about documentation development:
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Oct 21, 2021