Minimal documentation for certification
1. 00 Procedure for Document and Record Control
2. 01 Project Plan
3. 02 Procedure for Identification of Requirements
4. 03 ISMS Scope Document
5. 04 Information Security Policy
6. 05 Risk Assessment and Risk Treatment Methodology
After editing the above documents and looking at the total number of documents, we are wondering if we need to complete all the documents for a company of our profile or if we could limit them to fewer documents. Maybe we could consider the relevant and mandatory ones for us to pass the ISO 27001/ISO 22301 certifications.
Please advise us on how we could make the document preparation and certification processes faster and easier.
Answer:
In fact, you do not need to complete all documents to be compliant with ISO 27001 and ISO 22301. Besides the mandatory documents, the toolkit includes the most commonly used documents, based on results or risk assessments and/or best practices.
Included in the toolkit there is a List of document files that identifies the mandatory documents and the ones you have to implement only in case you have unacceptable risks to justify their implementation.
Sep 20, 2018