Expert Advice Community

mandatory backup policy?

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

I have a question on the following forum post by you:

DejanK Jan 12, 2016

https://community.advisera.com/topic/do-we-need-to-document-each-control/

What is your list of mandatory documents based on? Why do you think some documents are not required to implement? Referring to your example, that no policy / procedure for backup is necessary, 27001 Annex A.12.3.1 clearly states: "Backup copies ... shall be taken ... in accordance with an agreed backup policy."

This is only an example - generally speaking I am interested in the basis for your decision on whether documents are necessary in order to fulfill Annex A control objectives.

Answer:

The word "policy" in ISO standards does not mean that it has to be documented, i.e. written down. For example, a policy can also be verbal, but it could also be a policy that is included in an information system.

A document must be written only if you see the word "documented" in the ISO standard - for example, the ISMS scope must be documented, whereas the Backup policy does not have to be documented.

See here a list of mandatory documents required by ISO 27001: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
