Guest user Created: Dec 04, 2018 Last commented: Dec 04, 2018

ISMS manual

During my last ISO 9001 external audit, the auditor mentioned that there is now no real need for a Quality Manual. I’ve also come across comments that this applies to the ISMS as well. What are your thoughts on this?

0 1

Assign topic to the user

Select user

Expert

Rhand Leal Dec 04, 2018

Answer:

In fact ISO 27001 requirements do not prescribe the development of an ISMS Manual, and for good reasons. If you put all the policies and procedures into a single document, this will make the reading of such document very difficult. Additionally, the standard already has a requirement for a document that describe how a company will implement its information security – it is called Statement of Applicability.

This article will provide you further explanation about ISMS Manual:
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/

This material will also help you regarding ISMS Manual:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Dec 04, 2018

Expert Advice Community

ISMS manual

ISMS manual

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

SOA Based ISMS Manual

ISMS Manual contents

ISMS Manual