
Expert Advice Community

Mandatory policies for ISO 27001

Guest user Created:   Mar 30, 2019 Last commented:   Mar 30, 2019

Our clients are asking us what policies we have (as part of our ISO 27001 Certification). Since the toolkit is mixing up terms, can you please list what policies are mandatory for ISO 27001? Once we have this list, we can check that we have the documents labelled correctly. For instance, take the example below, is document 11.A.16 a policy document or a procedure document?

Expert
Rhand Leal Mar 30, 2019

Answer:

Regarding the main clauses of ISO 27001, only the Information Security Policy is required (to fulfill clause 5.2). Regarding Annex A controls, you must consider these policies as mandatory if there are risks which would require their implementation (i.e., controls related to these policies are stated as applicable on the Statement of Applicability):
- Access control policy (if clause A.9.1.1 is applicable on SoA)
- Supplier security policy (if clause A.15.1.1 is applicable on SoA)

The document "11.A.16_Data_Breach_Response_and_Notification_Procedure_Integrated_EN" is in fact a procedure (its ISO 27001 equivalent is the Incident Management Procedure). It is important to note that in the context of ISO 27001 the division between policies and procedures is not very important.