Clause 8.1. There is a requirement to establish criteria for the process, The question is how can we establish it?
Answer:
Regarding clause 8.1 Operational planning and control of ISO 27001:2013, I am not sure what you mean because this clause is not related with a "criteria for the process", here basically you need records about the approval of information security objectives, project plan, processes outsourced and also you need records about possible changes about all of the above.
Anyway keep in mind that it is not mandatory to have a document for this clause, you can see the list of mandatory documents (and non mandatory) here List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Comment as guest or Sign in
Jan 12, 2016