Documentation review
Answer: ISO 27001 does not require an ISMS Implementation Project Plan as documented information. The plan required by the standard as documented information is the Risk Treatment Plan (clauses 6.1.3 e and 6.2). During documentation review you use the risk treatment plan to verify whether all implemented documentation conforms to the deadlines defined, or you update the risk treatment plan itself if a policy review is needed because of changes in risk (e.g., new risks or changes in already identified risks).
These articles will provide you further explanation about mandatory documents and risk treatment:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
These materials will also help you regarding mandatory documents and risk treatment:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free webinar – The basics of risk assessment and treatment according to ISO 27001 https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Free online webinar ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 13, 2016