Main documents for certification
Answer:
The main challenge with auditors or Certification Bodies happens when organizations focus on writing the documents without taking care that the described activities are really implemented and documented. A second one is keeping the documentation updated when changes are implemented in the ISMS environment.
Regarding specific areas and documentation, you must focus on writing all the mandatory documents (the toolkit includes a List of Documents file that identifies them), and base all the controls to be written and implemented on the results of the risk assessment.
These articles will provide you with further explanation about the documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Aug 28, 2018