Thank you for your email. I was wondering, regarding Clause 8.1, would you expect to see any evidence like an Operational Control Procedure, and what content would you expect to see in it?
Expert
Rhand Leal
Mar 31, 2022
I’m assuming you are referring to clause 8.1 Operational planning and control.
Considering that, please note that this clause does not require a specific document by itself.
To fulfill this clause, you need to implement:
- the first version of the Risk assessment, Risk Treatment, Statement of Applicability, and Risk Treatment Plan (clauses 8.2 and 8.3 refer to subsequent implementations of risk assessment and risk treatment processes)
- the controls from Annex A stated as applicable in the Statement of Applicability
- the mandatory documents related to clauses 4 to 10.
These articles will provide you with a further explanation of ISO 27001 required documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/