ISO 27001 Mandatory documentation

Guest user Created: Apr 23, 2018 Last commented: Apr 23, 2018

I have a question for you with regards to Document Control for ISO 27001. In the Checklist of Mandatory Documentation Required by ISO 27001:2013 it lists Procedure for Document Control as a Commonly Used Non-Mandatory Document; however, when I read the Document Management in ISO 27001 Blog dated March 20, 2010, it states that you won’t get certified if you do not have a Procedure for Managing Documents. These two information sources appear to be in conflict. Could you provide me with some details please?

Expert
Rhand Leal Apr 23, 2018

Answer: The text in the Document Management from ISO 27001 Blog refers to the ISO 27001:2005 standard, in which the Procedure for Managing Documents is in fact mandatory. This standard was superseded by ISO 27001:2013, which is now the current standard, and in this version the Procedure for Managing Documents is not mandatory.

These materials will provide you with further explanation about the differences between the versions of the standard:
- A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
- Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/

2 - Also, could you share with me how you came up with the Checklist of Mandatory Documentation? I can’t seem to find the source of the information in the ISO 27001:2013 Standard. Not sure if it is there or in another ISO document.

Answer: To identify the mandatory documentation in the standard you have to find the requirements that demand "documented information" to be available, to be kept, to be retained, or any other similar verb or expression. For example:
- The scope shall be available as documented information.
- The organization shall retain documented information about the information security risk assessment process.

This article will provide you with further explanation about ISO terminology:
- Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/