Could you please give me a feedback regarding these documents 10.1, 10.2, 11.2 and 12.1?
There are indicated as mandatory. but we think that must be filled after the audit step right?
Maybe only the document 10.1 must be filled now.
We are waiting for some news.
I’m assuming you are referring to documents 10.1 Internal Audit Program, 10.2 Internal Audit Report, 11.2 Management Review Minutes, and 12.1 Corrective Action Form.
Considering that, the Internal Audit Program needs to be filled before the internal audits are performed (this is the document that will define how many audits will be needed, covering which topics and their dates).
The internal audit report needs to be filled in after the conclusion of each planned internal audit.
The Management Review Minutes are typically filled out after the management review has been completed, but some companies might use Minutes also as a preparation and in such cases you can use a 2-step approach: 1) data required as input for management review is filled in in the Minutes after all ISMS elements to be implemented are defined and as soon as the data is available; and 2) data required as output for management review is filled in after the end of the meeting.
Corrective action forms are filed at any time a corrective action is required. Please note that corrective action can be originated either as a result of an internal audit or as a result of an incident or operational deviation.