Expert Advice Community

Mandatory and nonmandatory documents.

Guest user Created:   Nov 23, 2022 Last commented:   Nov 23, 2022

1. I hope everything is well with you.
I have a question about the ISO27001 Implementation Toolkit: does the toolkit contain or cover all the documents that I will need to comply with ISO27001? I ask because I noticed, for example, when I reviewed the document internal audit checklist regarding control A6, you need evidence for "are all information security responsibilities clearly defined through one or several documents?", for example, and whether that is compliant or not. My question here is: must I conduct a document for A.6.1.1 and A6.1.2 and A6.1.3 and A6.1.4? This is my question.

2. Also, I am confused regarding the document I downloaded from ISO27001 Academy named checklist of mandatory documentation required by ISO27001, because the document contains a part explaining the non-mandatory documents.
And this part contains, for example, a document about BYOD. I am confused because the documentation toolkit contains the BYOD document. Which is right: the documentation toolkit or the documents which I downloaded from the ISO 27001 Academy?
Please explain to me.

Expert
Rhand Leal Nov 23, 2022

1. I hope everything is well with you.

I have a question about the ISO27001 Implementation Toolkit: does the toolkit contain or cover all the documents that I will need to comply with ISO27001? I ask because I noticed, for example, when I reviewed the document internal audit checklist regarding control A6, you need evidence for "are all information security responsibilities clearly defined through one or several documents?", for example, and whether that is compliant or not. My question here is: must I conduct a document for A.6.1.1 and A6.1.2 and A6.1.3 and A6.1.4? This is my question.

Please note that our ISO 27001 Documentation Toolkit covers all mandatory documents and some documents that are not mandatory. Many of the clauses and controls you mentioned do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company. 

Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution.

Regarding control A.6.1.1 (Information security roles and responsibilities), all document templates include defined roles and responsibilities for defined activities. Controls A.6.1.2 (Segregation of duties) to A.6.1.4 (Contact with special interest groups) do not require documentation, and simple records of contacts performed and activity logs demonstrating segregated activities will be sufficient.

2. Also, I’m confused regarding the document I downloaded from ISO27001 Academy named checklist of mandatory documentation required by ISO27001, because the document contains a part explaining the nonmandatory documents.

And this part contains, for example, a document about BYOD. I am confused because the documentation toolkit contains the BYOD document. Which is right: the documentation toolkit or the documents which I downloaded from the ISO 27001 Academy?

Please explain to me.

Please note that nonmandatory documents presented in the article are the ones commonly adopted by organizations to make information security management easier, but they do not need to be implemented by all organizations. The BYOD policy is an example.
