Question about toolkit
1 - I am confused about how to conduct the documentation. I intend to start the project by implementing and conducting the key stages of the ISO 27001 PDCA four phases with risk assessment. Is this right, and can this approach be suitable to use as a milestone for the project?
Answer: Please note that for conducting the implementation in the most efficient way you should implement the documents in the order they are displayed in the folders in the toolkit (i.e., first the Procedure for Document and Record Control, then the Project Plan, the Procedure for Identification of Requirements, and so on).
This sequence of folders follows mostly the PDCA cycle, and is in our experience the quickest way to implement the standard.
For further information, see:
- ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
2 - What is the difference between the mandatory documentation and the nonmandatory documentation? And if I decide to select the PDCA concept, do I still need to write the mandatory documentation, since I think the four phases of this concept with risk assessment cover all or most of the mandatory documentation? If you understand me correctly, am I right?
Answer: Mandatory documentation consists of those documents explicitly required by the standard, while nonmandatory documentation consists of those documents adopted at the discretion of the organization.
For example, clause 5.2 e) requires an Information Security Policy to be available as documented information, so the Information Security Policy is a mandatory document. On the other hand, control A.8.2 – Information classification does not define any requirement for documenting how information must be classified, but an organization can develop an Information Classification Policy to make it easier to keep and disseminate the knowledge about information classification.
For certification purposes, you need to implement all mandatory documents to be compliant with the standard.
Mandatory and non-mandatory documents have nothing to do with the PDCA cycle.
For further information, see:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Jun 28, 2022