Expert Advice Community


27001 questions

Guest user. Created: Mar 26, 2021. Last commented: Mar 26, 2021.


1. Please confirm the following versions of the Mandatory Documents are the latest/current versions: ISO 27001 – ver 3.9, 2020-02-10

2. Within the ISO 27001 Documentation Toolkit List (see attachment 27001A):

  • No. 57, Doc Code 10, Internal Audit Procedure: This does not have a green check mark as a Mandatory Document, however No. 58 and 59, Appendix 1 and 2, have a green check mark for a mandatory document. Should the Procedure for Internal Audit be checked as a mandatory document? See attachment 27001A Screenshot 1.
  • No. 21 – 25: although these are not checked as a Mandatory Document, do we still need to create policies for them and all other documents/appendixes that are not checked as well? See screenshot 2. This question would apply to ISO 20000 Document Toolkit as well?

Expert
Rhand Leal Mar 26, 2021

1. Please confirm the following versions of the Mandatory Documents are the latest/current versions: ISO 27001 – ver 3.9, 2020-02-10

Yes, the version you stated is the latest/current version.

2. Within the ISO 27001 Documentation Toolkit List (see attachment 27001A):

No. 57, Doc Code 10, Internal Audit Procedure: This does not have a green check mark as a Mandatory Document, however No. 58 and 59, Appendix 1 and 2, have a green check mark for a mandatory document. Should the Procedure for Internal Audit be checked as a mandatory document? See attachment 27001A Screenshot 1.
No. 21 – 25: although these are not checked as a Mandatory Document, do we still need to create policies for them and all other documents/appendixes that are not checked as well? See screenshot 2. This question would apply to ISO 20000 Document Toolkit as well?

Regarding Docs 57 to 59, please note that ISO 27001 does not require an Internal Audit procedure to be documented, only the documentation of the audit program(s) and the audit results.

Regarding Docs 21 to 25, controls related to them only require practices to be implemented, not the development of documentation. For controls related to these documents, a brief description in the Statement of Applicability about how they are implemented would be enough. Provided templates are used because most organizations consider them good practice, even if they are not mandatory by the standard.

Regarding Doc 26, control A.12.1.1 (Documented operating procedures), covered by this template, requires operating procedures to be implemented, so if this control is applicable in your case you need to document the procedures.
