The Statement of Acceptance of ISMS System Documents
Assign topic to the user
Answer:
First is important to understand that this Statement:
- is necessary only if they have found risks or some other reason to use it
- is not necessary if you have some other way to prove that the documents were read by employees (e.g., through a document management system)
Considering that, the auditor's role is to verify if documents comply with the standard's requirements and if people's activities and process comply with what was documented, so the auditor will not require employees to sign this or that policy, but will check if they understand the policies, procedures and documents that are listed in the Statement of Acceptance of ISMS System Documents.
As for which documents to include in the statement, you have to include all documents from the toolkit you implemented.
This article may provide you further information:
- Which questions will the ISO 27001 certificatio n auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Comment as guest or Sign in
Mar 07, 2019