Documents necessary for audit

Guest user Created: Dec 19, 2020 Last commented: Dec 19, 2020
I would like to make an inquiry...

Which documents must necessarily be presented in an ISO 27001 certification audit, apart from the policies and mandatory procedures of ISO 27001?

For example: process map, ISMS manual, etc.


Expert
Rhand Leal Dec 19, 2020

Besides mandatory documents required by the standard (e.g., ISMS scope, Information Security Policy, etc.), and documents related to controls implemented to treat relevant risks and applicable legal requirements, only documents deemed relevant by the organization itself need to be presented to an Audit for ISO 27001 Certification, and these will depend on business needs, strategies, and objectives.

For example, an organization may identify that projects’ specifications are relevant for the ISMS scope, so these will need to be presented to the auditor. The same applies to process maps.

Regarding an ISMS manual, in fact, ISO 27001 requirements have never prescribed the development of an ISMS Manual, and for good reasons. If you put all the policies and procedures into a single document, this will make the reading of such a document very difficult. Additionally, the standard already has a requirement for a document that describes how a company will implement its information security – it is called Statement of Applicability.

Included in your toolkit there is a List of documents file which identifies which documents are mandatory and those most often used because they are considered good practice.

These articles will provide you further explanation about the ISMS Manual and mandatory documents:
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

These materials will also help you regarding ISMS documentation:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 free online training: ISO 27001 Foundations Course http://training.advisera.com/course/iso-27001-foundations-course/
