Documents and records
Assign topic to the user
The first thing is that you have to differentiate between documents and records, they are not the same thing. A document can be a procedure, a methodology, a plan, etc. A record can be result of internal audit, result of management review, logs, etc. So, the difference is that a document describes actions, whereas a record is the result (and evidences for auditors) of actions performed.
Second thing, you have to read this article to know what are the list of mandatory documents and records that you need in the ISO 27001 (also you can see Non mandatory documents) List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Comment as guest or Sign in
Jan 12, 2016