Question about ISO 27001 and ISO 27002

Guest user Created:   Aug 30, 2021 Last commented:   Aug 30, 2021

As far as I understand, ISO doesn't dictate that we comply with 27002. Do these 45 documents in the toolkit cover all 26 management system requirements and 114 control points? I'm asking about 27002 because I don't know if ISO will ask me if I have some installation, management or monitoring procedures for systems. We don't have the time to prepare it. If this is not the case, we are OK, I believe.
Expert
Rhand Leal Aug 30, 2021

I’m assuming you are referring to the ISO 27001 documentation toolkit.

First, it is important to note that ISO does not evaluate organizations against its standards. This role is performed by certification bodies.

Considering that, compliance with ISO 27002 is not required for certification against ISO 27001.

Regarding toolkit documents, they cover all mandatory requirements and the most commonly applied controls. ISO 27001 does not prescribe that there must be a document for each control. Controls are selected based on the results of risk assessment and applicable legal requirements.   

For more information, see:

This way we avoid making our documentation unnecessarily complex to use and maintain.

This article will provide you with a further explanation about mandatory and most commonly used documents for ISO 27001 (all these are included in your toolkit):
