Guest user Created: Oct 21, 2021 Last commented: Oct 21, 2021

Documenting processes in the ISMS

how exactly do the individual ISMS processes need to be mapped? E.g., is it enough to write "HR" or do I have to explain every step of for example the process "managing employees"?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 21, 2021

Please note that ISO 27001 does not require "mapping" or documenting of each and every process in the Information Security Management System (ISMS) scope.

For example, the HR process does not need to be documented, but if you decide to write it, you only need to document it in the level necessary for the people using them to perform their jobs correctly and securely.

For example, the documentation detail level for experienced personnel will be much lesser than for novice personnel.

These articles will provide you a further explanation about documentation development:
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 21, 2021

Expert Advice Community