4 questions related to ISMS
No, there is no requirement for ISMS Manual in ISO 27001 - see here the list of all mandatory documents according to ISO 27001: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
The Statement of Applicability is the document where you should refer to individual clauses/controls of ISO 27001 and specify how you implemented them.
2) Is the Project plan a required document, since the realization of the project is defined in the contract with the client?
A project plan is not a required document, but it is recommended, since there you specify in more detail who has to do what during the project (normally you wouldn't specify such a level of detail in a contract).
3) Is it required to nominate a person responsible for ISMS by a separate decision, or can this be documented in the job description?
You can do it either way, but usually you specify who is responsible for what in various ISMS policies and procedures.
4) Are Business Continuity Policy and Business Continuity Plan mandatory?
If you implement ISO 22301, both of these documents are required; if you implement ISO 27001, then a Business Continuity Policy is not required, while a Business Continuity Plan (or procedures) is required according to control A.17.1.2. Theoretically, you could decide to exclude control A.17.1.2, but I haven't seen anyone do it.
Jan 12, 2016