Expert Advice Community

Home / ISO 27001 & 22301 / List of evidences / artefacts

Guest

List of evidences / artefacts

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Mar 10, 2018 Last commented:   Mar 10, 2018

List of evidences / artefacts

ISO 27001 & 22301
I need list of evidence/ artifacts to be asked client while doing risk assessment , it should include all the 114 controls, please provide all the 114 controls evidence to be asked client.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Mar 10, 2018

Example: HR security domain :-
Evidence required : Approved HR policy document, Roles and responsibility in the table in ISMS, Last 5 onboarded resources with training completed list and offboarded 5 resources list with offboard checklist and data removable certificate, access revoked mail confirmation. etc

Answer: It seems to me that you are making a mistake here.

When performing risk assessment there is no need to list evidences /artefacts. In this step you have to identify which risks are relevant considering the scope of the assessment.

Evidences and/or artefacts regarding the 114 controls from ISO 27001 Annex A are used when you perform either a gap analysis (to identify how many controls you already have implemented) or an audit (to evidence the controls implementation and performance).

For a list of questions regarding gap analysis, I suggest y ou to take a look at our free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

Its question-and-answer format allows you to visualize which specific elements of an information security management system are already implemented, and what still needs to be done.

For a list of questions regarding internal audit, I suggest you to take a look at the free demo of our Internal Audit Checklist at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/

For each clause or control from the standard the checklist provides one or more questions which should be asked during the audit in order to verify the implementation.

These articles will provide you further explanation about gap analysis, internal audit, risk assessment and checklists:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- Risk assessment vs. internal audit in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/12/08/risk-assessment-vs-internal-audit-in-iso-27001-and-iso-22301/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 09, 2018

Mar 09, 2018

Suggested Topics
Guest user Created:   Sep 22, 2023 ISO 27001 & 22301
Replies: 3
0 0

Missing ISO27001 References in List of Documents
Guest user Created:   Sep 14, 2023 ISO 27001 & 22301
Replies: 1
0 0

Internal audit checklist and report combined
Guest user Created:   Aug 15, 2023 ISO 27001 & 22301
Replies: 1
0 0

Checklist for ISO 27001