Guest
Guest post
Created:
Jan 12, 2016
Documented information by organization as being necessary for effectiveness of t
he ISMSWe've received the following question:
About clause 7.5.1, what is the meaning of "documented information by organization as being necessary for the effectiveness of the isms".
Answer:
ISO 27001 version 2013 reduced the number of mandatory documents in the ISMS, compared with the ISO 27001:2005 version. But, from an experienced ISMS management point of view further documentation is required in order to help the ISMS implementation and management. The required documentation may be different from one organization to other depending on size, type of activity, products, services or processes.
Here you can find some examples of aditional documentation to the mandatory documentation of the standard: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
As a personal experience I can share that to address A11.1 Secure Areas I usually promote the usage of facilities layouts maps using a color code identifying the different security perimeters, and the definition of policies, processes and procedures in accorda nce with the security perimeters. This is not required but it is very useful for the organization.
Hope it helps
About clause 7.5.1, what is the meaning of "documented information by organization as being necessary for the effectiveness of the isms".
Answer:
ISO 27001 version 2013 reduced the number of mandatory documents in the ISMS, compared with the ISO 27001:2005 version. But, from an experienced ISMS management point of view further documentation is required in order to help the ISMS implementation and management. The required documentation may be different from one organization to other depending on size, type of activity, products, services or processes.
Here you can find some examples of aditional documentation to the mandatory documentation of the standard: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
As a personal experience I can share that to address A11.1 Secure Areas I usually promote the usage of facilities layouts maps using a color code identifying the different security perimeters, and the definition of policies, processes and procedures in accorda nce with the security perimeters. This is not required but it is very useful for the organization.
Hope it helps
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016