Mandatory and non-mandatory documents
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer:
In ISO world, mandatory requirements/documents are related to the words “must” or “shall”, while non mandatory requirements/documents are related to words “may”or “should”. Considering section 7.2 Competence, all requirements are mandatory (from a to d), and the single one requiring documentation is the retention of evidence of competence (item 7.2 d). Examples of evidence are certificates, university degrees, work declarations and attendance lists, which have their own formats, making unfeasible to define a single template for them. This means you have to conduct all the activities mentioned in a to c, but you do not have to document them (this is why there is no policy in our toolkit for that purpose) - what you need to have are records related to 7.2 d) mentioned above.
These a rticles can be helpful for you:
- Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Comment as guest or Sign in
Dec 05, 2018