Thank you for meeting with me on Friday.
As you mentioned during the meeting, the following documents should be considered as next-level projects since they are not needed for our company. Am I correct in that assumption?
Furthermore, I would appreciate it if you could see the attached and tell me which step you mentioned is not applicable to us (if any).
If you want to be compliant with ISO 27001 only, and not with ISO 27017 and ISO 27018, the 2 documents you mentioned are not needed; also in the Statement of Applicability, you need to take into account only the 114 controls that are related to ISO 27001.
2 - Furthermore, I would appreciate it if you could see the attached and tell me which step you mentioned is not applicable to us (if any).
Please note that to implement ISO 27001 you will have to go through all the folders listed in the toolkit. By consulting the List of Documents file that comes with your toolkit, you will identify which documents need to be implemented to fulfill the standard's requirements (e.g., Information Security Policy, SoA, etc.), and those that are recommended to be implemented because they are considered good practice (e.g., Procedure for Corrective Action).