Actions to address risks and oportunities - 6.1.1 General
Assign topic to the user
There is no mandatory to have a document for the clause 6.1.1, where you need to have a document is in the clause 6.1.2 and 6.1.3, which are related with 6.1.1 and they describe how to address risks and opportunities. You can see in the standard, at the end of these clauses, "The organization shall retain documented information about.." So, when you see it in a clause, means that you need a document.
If you want to see the list of mandatory documents (and non mandatory) of the standard, please read this article "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Comment as guest or Sign in
Jan 12, 2016