Actions to address risks and oportunities - 6.1.1 General
In the documentation toolkit where is documented the requirements described in clause 6.1.1 General (Actions to address risks and opportunities) ? Auditor will probably check the compliance with this requirement.
Users and passwords
Procedure for identification of Requirements
Doing risk assessment department wise
One question why risk assessment in ISO 27001 needs to be done department wise like for IT is different, Sales it is different so what is the need to do it separately.