Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Documented information

I've got this question about documented information. Policies or procedures, like Control Access Policy, should be considered documented information Taking into account ISO 27001 7.5.1.b) clause, it seems that the company may decide this issue.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

Yes, it is correct. There are some documents that are mandatory for the ISO 27001 (an example is the Access Control Policy, by the clause A.9.1.1). If you want to know the list of mandatory documents and records (remember that they are different things), you can read this article (also you can see non mandatory documents) List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Quote

0 0

Guest

Guest post Jan 12, 2016

Antonio, I meant if these documents should be considered documented information.

Thanks.

Quote

0 0

Guest

AntonioS Jan 12, 2016

Yes, they are considered as documented information.

Sorry for the delay, we have had a problem with the notifications.

Quote

0 0

Guest

Guest post Jan 12, 2016

Hello Antonio,

Where can I find in ISO/IEC 27001 that these documents are documented information?

Thanks.

Quote

0 0

Guest

AntonioS Jan 12, 2016

Hi Jose Antonio

You can read in the description of the control A.9.1.1 Access control policy: An access control policy shall be established, documented and reviewed based on business and information security requirements.
As you can see, the standard establishes that this control shall be documented, so you can consider it as documented information.

Quote

0 0

Guest

Guest post Jan 12, 2016

Thanks, Antonio!

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community