Expert Advice Community

Guest

ISO 27001 - feedback about some documents

  Quote
Guest
Guest user Created:   Oct 12, 2021 Last commented:   Oct 12, 2021

ISO 27001 - feedback about some documents

Could you please give me a feedback regarding these documents 10.1, 10.2, 11.2 and 12.1?

There are indicated as mandatory. but we think that must be filled after the audit step right?

Maybe only the document 10.1 must be filled now.

We are waiting for some news.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 12, 2021

I’m assuming you are referring to documents 10.1 Internal Audit Program, 10.2 Internal Audit Report, 11.2 Management Review Minutes, and 12.1 Corrective Action Form.

Considering that, the Internal Audit Program needs to be filled before the internal audits are performed (this is the document that will define how many audits will be needed, covering which topics and their dates).

The internal audit report needs to be filled in after the conclusion of each planned internal audit.

The Management Review Minutes are typically filled out after the management review has been completed, but some companies might use Minutes also as a preparation and in such cases you can use a 2-step approach: 1) data required as input for management review is filled in in the Minutes after all ISMS elements to be implemented are defined and as soon as the data is available; and 2) data required as output for management review is filled in after the end of the meeting.

Corrective action forms are filed at any time a corrective action is required. Please note that corrective action can be originated either as a result of an internal audit or as a result of an incident or operational deviation.

For further information, see:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
- Project checklist for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 12, 2021

Oct 12, 2021

Suggested Topics