Documented processes
I have a question - must a team have documented processes to comply with ISO 27001? In other words, if during an audit you come across a team that has not documented their processes, is that a nonconformity?
Please note that ISO 27001 does not require all processes included in the ISMS scope to be documented. Unless a process is specifically required by the standard (e.g. Risk assessment and risk treatment process in clause 6.1.2), or the organization states that it needs to be documented, then you do not need to document it.
For further information, see:
- List of mandatory documents according to the ISO 27001 2022 revision https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-revision
Apr 17, 2023