Documents necessary for audit
Quisiera hacer una consulta….
¿qué documentos, de manera necesaria, se debe presentar a una Auditoría para Certificación ISO 27001, a parte de las políticas, procedimientos obligatorios de ISO 27001?
Por ejemplo: Mapa procesos, manual del SGSI, etc.)
(I would like to make an inquiry…. What documents, in a necessary way, must be presented to an Audit for ISO 27001 Certification, apart from the policies, mandatory procedures of ISO 27001? For example: Process map, ISMS manual, etc.)
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Besides mandatory documents required by the standard (e.g., ISMS scope, Information Security Policy, etc.), and documents related to controls implemented to treat relevant risks and applicable legal requirements, only documents deemed relevant by the own organization need to be presented to an Audit for ISO 27001 Certification, and these will depend on business needs, strategies, and objectives.
For example, an organization may identify that projects’ specifications are relevant for the ISMS scope, then these will need to be presented to the auditor. The same applies to processes maps.
Regarding an ISMS manual, in fact, ISO 27001 requirements have never prescribed the development of an ISMS Manual, and for good reasons. If you put all the policies and procedures into a single document, this will make the reading of such a document very difficult. Additionally, the standard already has a requirement for a document that describes how a company will implement its information security – it is called Statement of Applicability.
Included in your toolkit there is a List of documents file which identifies which documents are mandatory and those most often used because they are considered good practice.
These articles will provide you further explanation about ISMS Manual and mandatory documents:
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
These materials will also help you regarding ISMS documentation:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Dec 19, 2020