Documentation required for Internal External and Interested parties
Assign topic to the user
Answer: The new clauses introduced in the main part of ISO 27001:2013 do not require any specific documentation to be kept related to Internal, External and Interested parties.
Regarding Annex A, control A.18.1.1 - Identification of applicable legislation and contractual requirements, previously control A.15.1.1 on ISO 27001:2005), requires the documentation of Internal, External and Interested parties requirements, such as statutory, regulatory, contractual requirements, but you only have to do that if this control is considered applicable in your Statement of Applicability.
This article will provide you further explanation about ISO 27001 required documentation:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
These materials will also help you regarding ISO 27001 required documentation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 31, 2017