Expert Advice Community

Procedures documentation

Guest user Created:   Jul 14, 2018 Last commented:   Jul 14, 2018

I work at the IT Department of XXXX as an internal auditor.

Expert
Rhand Leal Jul 14, 2018

My question is like four documented procedures: a procedure for the control of documents, a procedure for internal ISMS audits, a procedure for corrective action, and a procedure for preventive action. Should the Risk Assessment and treatment be a documented procedure? Is it mandatory?

Answer: These 4 procedures you mentioned were mandatory according to the previous revision of the standard, but they are not mandatory according to the latest revision of ISO 27001. However, the organization can document these procedures if it considers they will help fulfil the ISMS objectives.

ISO 27001 says it is mandatory to document the risk treatment process, and this is usually done through the Risk assessment & treatment methodology.

This article will provide you further explanation about mandatory documents and records for ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
