SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Documented information by organization as being necessary for effectiveness of t

  Quote
Guest
Guest post Created:   Jan 12, 2016

Documented information by organization as being necessary for effectiveness of t

he ISMSWe've received the following question:
About clause 7.5.1, what is the meaning of "documented information by organization as being necessary for the effectiveness of the isms".
Answer:
ISO 27001 version 2013 reduced the number of mandatory documents in the ISMS, compared with the ISO 27001:2005 version. But, from an experienced ISMS management point of view further documentation is required in order to help the ISMS implementation and management. The required documentation may be different from one organization to other depending on size, type of activity, products, services or processes.
Here you can find some examples of aditional documentation to the mandatory documentation of the standard: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
As a personal experience I can share that to address A11.1 Secure Areas I usually promote the usage of facilities layouts maps using a color code identifying the different security perimeters, and the definition of policies, processes and procedures in accorda nce with the security perimeters. This is not required but it is very useful for the organization.
Hope it helps
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016