Mandatory documents
1 - Definition of security roles and responsibilities (A.7.1.2, A.13.2.4) I understand that these must be covered by clauses in the (labour) contracts with the employees and contractors or an appendix to the contract with existing employees/contractors. Is there a specific place where this must be documented or recorded?
2 - Acceptable use of assets (A.8.1.3) Is this covered by the Advisera document 11 A.8.2?
3 - Operating procedures for IT management (A.12.1.1) Is this also covered in the Advisera document 11 A.8.2?
4 - Secure system engineering principles (A.14.2.5) Is this covered in the Advisera documents 11 A.14 and 11 A.14.1?
Answer: Included in your toolkit there is a List of Documents file that maps which templates cover which clauses and controls of ISO 27001. In this document you will identify that:
- Control A.7.1.2 is covered by templates A.7.1 Confidentiality Statement, A.7.2 Statement of Acceptance of ISMS Documents, Supplier Security Policy, Supplier Data Processing and Security Clauses for Suppliers and Partners, all located in folder 11 Security Controls.
- Control A.13.2.4 is covered by template A.7.1 Confidentiality Statement, located in folder 11 Security Controls.
- Control A.8.1.3 is covered by template A.8.2 IT Security Policy, located in folder 11 Security Controls.
- Control A.12.1.1 is covered by template A.12.1 Security Procedures for IT Department, located in folder 11 Security Controls.
- Control A.14.2.5 is covered by template A.14 Secure Development Policy, located in folder 11 Security Controls.
Regarding contracts, ISO 27001 does not specify where roles and responsibilities are to be placed, so you can define where to document or record them as best fulfils your needs (as contract clauses or an appendix to contracts), or according to already defined templates.
Aug 09, 2018