Documented information
Assign topic to the user
Yes, it is correct. There are some documents that are mandatory for the ISO 27001 (an example is the Access Control Policy, by the clause A.9.1.1). If you want to know the list of mandatory documents and records (remember that they are different things), you can read this article (also you can see non mandatory documents) List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Antonio, I meant if these documents should be considered documented information.
Thanks.
Yes, they are considered as documented information.
Sorry for the delay, we have had a problem with the notifications.
Hello Antonio,
Where can I find in ISO/IEC 27001 that these documents are documented information?
Thanks.
Hi Jose Antonio
You can read in the description of the control A.9.1.1 Access control policy: An access control policy shall be established, documented and reviewed based on business and information security requirements.
As you can see, the standard establishes that this control shall be documented, so you can consider it as documented information.
Comment as guest or Sign in
Jan 12, 2016