Expert Advice Community

Question about toolkit

Guest user
Created: Apr 09, 2022
Last commented: Jun 28, 2022

I have many questions. Is the document template included in the documentation toolkit all the documents I should write and conduct? I am confused about conducting the documentation. I intend to start the project by implementing and conducting the key stages of the ISO 27001 PDCA four phases with risk assessment. Is that right, and can this approach be used as a milestone for the project? What is the difference between mandatory documentation and non-mandatory documentation? And if I decide to select the PDCA concept, do I still need to write the mandatory documentation, since I think the four phases of this concept with risk assessment cover all or most of the mandatory documentation? If you understand me correctly, am I right?

Expert
Rhand Leal Apr 09, 2022

1 - I am confused about conducting the documentation. I intend to start the project by implementing and conducting the key stages of the ISO 27001 PDCA four phases with risk assessment. Is that right, and can this approach be used as a milestone for the project?

Answer: Please note that, to conduct the implementation in the most efficient way, you should implement the documents in the order in which they are displayed in the folders of the toolkit (i.e., first the Procedure for Document and Record Control, then the Project Plan, then the Procedure for Identification of Requirements, and so on).

This sequence of folders mostly follows the PDCA cycle and is, in our experience, the quickest way to implement the standard.

For further information, see:
- ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/  

2 - What is the difference between mandatory documentation and non-mandatory documentation? And if I decide to select the PDCA concept, do I still need to write the mandatory documentation, since I think the four phases of this concept with risk assessment cover all or most of the mandatory documentation? If you understand me correctly, am I right?

Answer: Mandatory documentation consists of those documents explicitly required by the standard, while non-mandatory documentation consists of those documents adopted at the discretion of the organization.

For example, clause 5.2 e) requires the Information Security Policy to be available as documented information, so the Information Security Policy is a mandatory document. On the other hand, control A.8.2 – Information classification does not define any requirement for documenting how information must be classified, but an organization can develop an Information Classification Policy to make it easier to keep and disseminate the knowledge about information classification.

For certification purposes, you need to implement all mandatory documents to be compliant with the standard.

Mandatory and non-mandatory documents have nothing to do with the PDCA cycle.

For further information, see:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Guest
Dotty Jun 28, 2022

Incredible points. Great arguments. Keep up the great work.
