Question about ISO 27001 and ISO 27002
I’m assuming you are referring to ISO 27001 documentation toolkit.
First, it is important to note that ISO does not evaluate organizations against its standards. This role is performed by certification bodies.
Considering that, compliance with ISO 27002 is not required for certification against ISO 27001.
Regarding toolkit documents, they cover all mandatory requirements and the most commonly applied controls. ISO 27001 does not prescribe that there must be a document for each control. Controls are selected based on the results of risk assessment and applicable legal requirements.
For more information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
This way we avoid making our documentation unnecessarily complex to use and maintain.
This article will provide you with a further explanation about mandatory and most commonly used documents for ISO 27001 (all these are included in your toolkit):
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Aug 30, 2021