ISMS documents

If I understood correctly, it seems to you that some documents are missing.

Considering that, Advisera's ISO 27001 Documentation Toolkit does not have a document for each and every control from ISO 27001 because of the following reasons:

    1) ISO 27001 does not require each and every control to be documented
    2) If the toolkit had a document for each control, there would be too many documents, and this would be an overkill for smaller and mid-size companies.

Since our targets are SMEs, we have decided to include an optimum amount of documents for companies of this size - the toolkit includes:

    All the mandatory documents - e.g. Information Security Policy, Statement of Applicability, Risk Assessment Methodology, Access Control Policy, etc.
    Documents that are not mandatory, but are commonly used - e.g. BYOD Policy, Classification Policy, Password Policy, Backup Policy, etc.

You can see a full list of documents included in the toolkit in the list of documents file in your toolkit.

In case your organization needs a document not included in the toolkit, you can use the blank template included in the toolkit to write the document yourself, send us an email asking the specific questions about this new document, or schedule a meeting with one of our experts, so he can help you to write the document. You can schedule a meeting at this link: https://advisera.com/27001academy/consultation/