Operational planning and control documentation
Assign topic to the user
Answer: Yes, according ISO 27001, you have to document operational planning and control, but the extent of what will be documented is up to what the organization decides as sufficient to ensure the processes are being performed as planned. In our experience, some controls require more detailed documentation than others, but in general there is no need for a 'manual' to centralized them all.
These articles will provide you further explanation about mandatory and most common documents and which consider to decide what to write:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
These materials will also help you regarding documentation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jul 29, 2017