
Questions for ISO 27001 & 22301 List of Mandatory Documents

Guest user Created:   Mar 29, 2021 Last commented:   Mar 29, 2021

  1. No 1. Document Code 00, Procedure for Documentation and Record Control.  Should this be marked as Mandatory for 27001?
  2. No 3. Document Code 02, Procedure for Identification of Requirements. Should this be marked as Mandatory?  I noticed No. 4, Appendix 1 is checked as Mandatory. Shouldn’t this be part of the Procedure for Identification of Requirement?
  3. No. 27. Document Code A.12.2, Change Management.  Should this be marked as Mandatory?
  4. No. 32. Document Code A.15.1, Supplier Security Policy. Should this be marked as Mandatory?  I noticed No.33, Security Clauses for Suppliers and Partners is checked as Mandatory. Shouldn’t this be part of the Supplier Security Policy?
  5. No. 34. Document Code A.16, Incident Management Procedure, Under the Relevant Clauses in the Standard, one of the controls display as A.6.1.2, should this be A.16.1.2?
  6. No. 57. Document Code 10, Internal Audit Procedure. Should this be marked as Mandatory?  I noticed No. 58, Appendix 1 is checked as Mandatory.  Shouldn’t this be part of the Internal Audit Procedure?
  7. No. 63. Document Code 12, Procedure for Corrective Action. Should this be marked as Mandatory?  I noticed No. 64, Appendix 1 is checked as Mandatory.  Shouldn’t this be part of the Procedure for Correction Action?
Expert
Rhand Leal Mar 29, 2021

For questions 1 to 4, and 6 to 7, please note that there are no clauses in the Standard, nor controls from Annex A, requiring these procedures and policies to be documented, but the related annexes are mandatory because at least one of the related clauses or controls requires the information they contain to be recorded, providing evidence that these clauses and controls are implemented. Related policies and procedures are included in the toolkit because they are commonly implemented as good practice.

Regarding question 5, you are correct, and we apologize for this mistake. The reference must indeed be A.16.1.2, not A.6.1.2.

For further information about mandatory documents, please read:
