This came at the point i needed it. I am having some challenges with implenting the iSO27001. I am part of the implementation team at my work place. I have observed resistance at my work place because they think that it will require them to document all their work procedures. People are not willing to put down step by step documents of what and how they do their work. they feel threatended. The challenge i have is am unusure if they will be required to document all they do as part of operational procedures documentation.
Please how do i handle this.
Answer:
It is not mandatory to have a document for all clauses or requirements of the ISO 27001:2013, if you want to know the list of mandatory documents (and non mandatory) required by the standard, please read this article: List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Finally, I recommend you to read this article "8 criteria to decide which ISO 2700 1 policies and procedures to write" : https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016