Expert Advice Community

Guest

Mandatory Documents

  Quote
Guest
Guest user Created:   Feb 13, 2021 Last commented:   Feb 13, 2021

Mandatory Documents

HI, A question about mandatory documents please..... Mandatory documents based on the main body of the standard's clauses as well as Annex A are listed on https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ The documents relating to the main clauses are fine. But.... If you only accept a control because there's a risk identified that makes it applicable to the business doesn't that mean that one or more of he mandatory documents from Annex A won't get created? Or is it that the controls where mandatory documents are included are expected to be adopted by everyone (i.e. there will be risks that require those controls).
0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 13, 2021

Please note that regarding controls from Annex A, you can have 3 scenarios:
1) The control is not applicable – in this case do document needs to be written

2) The control is applicable and the document related to the control is mandatory – the control requires activities to be performed and documented, so a document needs to be written
3) The control is applicable and the document related to the control is not mandatory - the control requires activities to be only performed, so no document needs to be written, it can be implemented only through performing activities

The scenario 2 is the case for the documents related to the controls listed in the mandatory documents. If those controls are identified as applicable, you need to develop the related documents, or you will not be compliant with the control.

These articles will provide you a further explanation about ISO 27001 controls:
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/01academy/emy/ademy/my/iso-27001-controls/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding ISO 27001 controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/rols-plain-english/annex-controls-plain-english/-english/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 13, 2021

Feb 13, 2021