Questions for ISO 27001 & 22301 List of Mandatory Documents
- No 1. Document Code 00, Procedure for Documentation and Record Control. Should this be marked as Mandatory for 27001?
- No 3. Document Code 02, Procedure for Identification of Requirements. Should this be marked as Mandatory? I noticed No. 4, Appendix 1 is checked as Mandatory. Shouldn’t this be part of the Procedure for Identification of Requirement?
- No. 27. Document Code A.12.2, Change Management. Should this be marked as Mandatory?
- No. 32. Document Code A.15.1, Supplier Security Policy. Should this be marked as Mandatory? I noticed No.33, Security Clauses for Suppliers and Partners is checked as Mandatory. Shouldn’t this be part of the Supplier Security Policy?
- No. 34. Document Code A.16, Incident Management Procedure. Under the Relevant Clauses in the Standard, one of the controls displays as A.6.1.2. Should this be A.16.1.2?
- No. 57. Document Code 10, Internal Audit Procedure. Should this be marked as Mandatory? I noticed No. 58, Appendix 1 is checked as Mandatory. Shouldn’t this be part of the Internal Audit Procedure?
- No. 63. Document Code 12, Procedure for Corrective Action. Should this be marked as Mandatory? I noticed No. 64, Appendix 1 is checked as Mandatory. Shouldn’t this be part of the Procedure for Correction Action?
For questions 1 to 4, and 6 to 7, please note that there are no clauses in the Standard, nor controls from Annex A, requiring these procedures and policies to be documented, but the related annexes are mandatory because at least one of the related clauses or controls requires the information they contain to be recorded, providing evidence that these clauses and controls are implemented. Related policies and procedures are included in the toolkit because they are commonly implemented as good practice.
Regarding question 5, you are correct, and we apologize for this mistake. The reference must indeed be A.16.1.2, not A.6.1.2.
For further information about mandatory documents, please read:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Mar 29, 2021