I’m missing one document in my ISMS, that is for clause 7.2 (Competence). Could you point me in the direction of a good format to put this information in. It’s a record of all people involved in monitoring and managing the overall ISMS right?
ISO 27001 does not prescribe a format to document evidence of required competencies, so organizations can adopt the format that best fit their needs (e.g., certificates, attendance lists, references from previous employers, etc.).
As for what to document, the evidence of competence must be related to experience, knowledge or skills required to perform activities that can impact the ISMS (e.g., secure development competencies for the development and maintenance of information systems included in the ISMS scope, audit techniques for internal auditors, etc.).
You need to evidence competency of anyone who has an impact on the performance of the ISMS, i.e., those who put together and manage the ISMS (e.g., managers and technical staff), and also of those who have to follow the policies and procedures (e.g., all employees included in the ISMS scope).
These articles will provide you a further explanation about competence evidence for ISO 27001: