ISO 27001 examples of the acceptable evidence
I am looking for a reference or book that gives examples of the acceptable evidence to provide during an audit for each of the ISO 27002 controls.
Does "ISO 27001 ANNEX A CONTROLS IN PLAIN ENGLISH" provide this?
This book provides information about what to consider when implementing controls (e.g., which documents to write, which responsibilities to define, which actions to perform, etc.), but it does not provide specific examples of acceptable evidence for an audit. Broadly speaking, examples of evidence are:
- logs
- files in the system
- diagrams of the network
- configuration of platforms
- agreements with suppliers or customers
- filled forms
Apr 10, 2020