Annex A section 5.1
I have had one of our ISO reviewers internally – asking why we don’t have Annex A section 5.1 (5.1.1 and 5.1.2) documents as part of the kit we purchased, or if these are covered in other sections?
Assign topic to the user
Controls A.5.1.1 and A.5.1.2 are covered by ca 20 policies and procedures you can find in folder "08 Annex A" - it does not make sense to have a specific document focused only on these two controls.
Additionally, is important to understand that ISO 27001 does not require every applicable control to be a separate document. In some cases, you only need to make a brief description of how it is implemented, and you can do that in our SoA template, in the column "Implementation Method".
This article will provide you a further explanation about the Statement of Applicability:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Comment as guest or Sign in
Mar 18, 2021