Expert Advice Community

Guest

Mandatory and non-mandatory documents

  Quote
Guest
Guest user Created:   May 21, 2021 Last commented:   May 21, 2021

Mandatory and non-mandatory documents

Your website (https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001) indicates MANDATORY Documents and NON mandatory Documents. Yet you say for the NON MANDATORY - "However, I find these non-mandatory documents to be most commonly used:"

1 - So what are the Documents needed to pass and What documents are NOT, and Still Pass the ISO 27001 cert?

2 - Are you saying the List you show in the List are the Items We dont Need?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 21, 2021

1 - So what are the Documents needed to pass and What documents are NOT, and Still Pass the ISO 27001 cert?

First of all, sorry for this confusion.

Since you subscribed to Conformio, it will take care you have all the mandatory documents plus any nonmandatory documents that are the most appropriate for your situation.

The mandatory documents required for ISO 27001 certification are:

  • Scope of the ISMS (clause 4.3)
  • Information security policy and objectives (clauses 5.2 and 6.2)
  • Risk assessment and risk treatment methodology (clause 6.1.2)
  • Statement of Applicability (clause 6.1.3 d)
  • Risk treatment plan (clauses 6.1.3 e, 6.2, and 8.3)
  • Risk assessment report (clauses 8.2 and 8.3)
  • Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)

2 - Are you saying the List you show in the List are the Items We dont Need?

Please not note that “commonly used documents” are nonmandatory documents that many organizations find useful to make the information security management system implementation and operation easier (and that’s why they are presented in this article). The need for these documents should be evaluated considering your organization's context.

For further information about which documents to have, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 21, 2021

May 21, 2021