Mandatory Documents

Please note that regarding controls from Annex A, you can have 3 scenarios:
1) The control is not applicable – in this case do document needs to be written

2) The control is applicable and the document related to the control is mandatory – the control requires activities to be performed and documented, so a document needs to be written
3) The control is applicable and the document related to the control is not mandatory - the control requires activities to be only performed, so no document needs to be written, it can be implemented only through performing activities

The scenario 2 is the case for the documents related to the controls listed in the mandatory documents. If those controls are identified as applicable, you need to develop the related documents, or you will not be compliant with the control.

These articles will provide you a further explanation about ISO 27001 controls:
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding ISO 27001 controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/