Assign topic to the user
During the implementation of ISO 9001, ISO 14001, OHSAS 18001 etc. as a main document one has to write the Manual which contains general information about the company, overview of procedures and records, and maybe an org chart. Please answer me how to write the ISMS Manual as a top-level document. Also I'm interested which type of documents are the documents from Annex A (procedures or something else)?
Answer:
It is not necessary by the ISO 27001 to have a manual, so we recommend you to not develop this document, and please read this article Is the ISO 27001 Manual really necessary? : https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
Regarding documents from Annex A, there can be procedures, and technical instructions, but also can be policies, and plans, but keep in mind that it is not necessary to have a document for each control. Here you can find a list of mandatory documents List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Comment as guest or Sign in
Jan 12, 2016