Compliance with ISO 27001
Answer: For the identification of the mandatory documentation needed for compliance with ISO 27001, I suggest you take a look at this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Regarding the identification of documentation importance, I suggest you take a look at this article: 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Regarding the actions to be taken to ensure an ISMS compliance is ready for certification, I suggest you see this article: ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
2 - Also, during the assessment, there might be chances that some of the solutions, i.e. Access Control, Incident management, do not exist at all. In that case, what would be the action item, because due to the budget constraint, some of the solution deployment may not be feasible this year? Is there any alternative available to make us compliant without putting an actual solution in place?
Answer: In some cases, it is possible to implement a control at some later time - however, you need to fulfill the following: (1) there is no major risk with pending treatment, (2) the Risk Treatment Plan clearly defines that the control will be implemented at a later date, and (3) risk owners have accepted the risks related to the control that will be implemented later.
These materials will also help you regarding compliance with ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 28, 2017