27001 questions

1. Please confirm the following versions of the Mandatory Documents the latest/current versions: ISO 27001 – ver 3.9, 2020-02-10

Yes, the version you stated is the latest/current version.

2. Within the ISO 27001 Documentation Toolkit List See attachment 27001A

No. 57, Doc Code 10, Internal Audit Procedure: This does not have a green check mark as a Mandatory Document, however No. 58 and 59 Appendix 1 and 2 has a green check mark for a mandatory document.  Should the Procedure for Internal Audit be checked as a mandatory document?  See attachment 27001A Screenshot 1.
No. 21 – 25, although these are not checked as a Mandatory Document, do we still need to create policies for them and all other documents/appendixes that are not checked as well?  See screenshot 2. This question would apply to ISO 20000 Document Toolkit as well?

Regarding Docs 57 to 59, please note that ISO 27001 does not require an Internal Audit procedure to be documented, only the documentation of the audit program (s) and the audit results.

Regarding Docs 21 to 25, controls related to them only require practices to be implemented, not the development of documentation. For controls related to these documents a brief description in the Statement of Applicability about how they are implemented would be enough. Provided templates are used because most organizations understand consider them good practice, even if they are not mandatory by the standard.

Regarding Doc 26, control A.12.1.1 (Documented operating procedures), covered by this template, requires operating procedures to be implemented, so if this control is applicable in your case you need to document the procedures.