Mandatory and non-mandatory documents
Your website (https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001) indicates MANDATORY Documents and NON mandatory Documents. Yet you say for the NON MANDATORY - "However, I find these non-mandatory documents to be most commonly used:"
1 - So what are the Documents needed to pass and What documents are NOT, and Still Pass the ISO 27001 cert?
2 - Are you saying the List you show in the List are the Items We dont Need?
Assign topic to the user
1 - So what are the Documents needed to pass and What documents are NOT, and Still Pass the ISO 27001 cert?
First of all, sorry for this confusion.
Since you subscribed to Conformio, it will take care you have all the mandatory documents plus any nonmandatory documents that are the most appropriate for your situation.
The mandatory documents required for ISO 27001 certification are:
- Scope of the ISMS (clause 4.3)
- Information security policy and objectives (clauses 5.2 and 6.2)
- Risk assessment and risk treatment methodology (clause 6.1.2)
- Statement of Applicability (clause 6.1.3 d)
- Risk treatment plan (clauses 6.1.3 e, 6.2, and 8.3)
- Risk assessment report (clauses 8.2 and 8.3)
- Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)
2 - Are you saying the List you show in the List are the Items We dont Need?
Please not note that “commonly used documents” are nonmandatory documents that many organizations find useful to make the information security management system implementation and operation easier (and that’s why they are presented in this article). The need for these documents should be evaluated considering your organization's context.
For further information about which documents to have, see:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Comment as guest or Sign in
May 21, 2021