Expert Advice Community

ISO 27001 mandatory documentation question

Guest user Created:   Jul 31, 2020 Last commented:   Jul 31, 2020

Hi, is there a list of mandatory documents (published by ISO itself)? We have a package from Advisera and Clause 7.5 was not marked as mandatory, but our auditor stated it was.

Expert
Rhand Leal Jul 31, 2020

ISO does not publish lists of mandatory documents and records for its standards, but they are easily identifiable.

In the ISO world, mandatory requirements/documents/records are related to the words “must” or “shall”, while nonmandatory requirements/documents/records are related to the words “may” or “should”. For example:
- "The scope shall be available as documented information"
- "... shall retain documented information about the information security risk assessment/treatment..."
- "... shall retain documented information on the information security objectives."

In clause 7.5, which defines requirements for documented information (i.e., management of documents and records), there are no requirements demanding written practices for creation, updating and control of documents and records. What happens in real life is that a procedure for control of documents and records is written as a good practice when organizations see this as worthwhile. This procedure is part of the ISO 27001 toolkit even though such a document is not mandatory.

These materials will also help you regarding document management:

- Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/01/12/explanation-of-the-basic-terminology-in-iso-standards/

- Checklist of mandatory documentation required by ISO 27001:2013 (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001

- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/h-guide/g-iso-documentation-plain-english-guide/

 
