ISO 27001 Mandatory documentation
Assign topic to the user
Answer: The text in the Document Management from ISO 27001 Blog refers to the ISO 27001:2005 standard, in which the Procedure for Managing Documents is in fact mandatory. This standard was superseded by ISO 27001:2013, which is now the current standard, and in this version the Procedure for Managing Documents is not mandatory.
These materials will provide you further explanation about the differences between the versions of the standard:
- A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
- Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/
2 - Also, could you share with me how you came up with the Checklist of Mandatory Documentation? I can’t seem to find the source of the information in the ISO 27001:2013 Standard. Not sure if it is there or in another ISO document.
Answer: To identify the mandatory documentation in the standard you have to find the requirements that demand "documented information" to be available, to be kept, to be retained, or any other similar verb or expression. For example:
- The scope shall be available as documented information.
- The organization shall retain documented information about the information security risk assessment process.
This article will provide you further explanation about ISO terminology:
- Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/
Comment as guest or Sign in
Apr 22, 2018