HI, A question about mandatory documents please..... Mandatory documents based on the main body of the standard's clauses as well as Annex A are listed on https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
The documents relating to the main clauses are fine. But.... If you only accept a control because there's a risk identified that makes it applicable to the business doesn't that mean that one or more of he mandatory documents from Annex A won't get created? Or is it that the controls where mandatory documents are included are expected to be adopted by everyone (i.e. there will be risks that require those controls).