Expert Advice Community

Guest

Questions for ISO 27001 & 22301 List of Mandatory Documents

  Quote
Guest
Guest user Created:   Mar 29, 2021 Last commented:   Mar 29, 2021

Questions for ISO 27001 & 22301 List of Mandatory Documents

  1. No 1. Document Code 00, Procedure for Documentation and Record Control.  Should this be marked as Mandatory for 27001?
  2. No 3. Document Code 02, Procedure for Identification of Requirements. Should this be marked as Mandatory?  I noticed No. 4, Appendix 1 is checked as Mandatory. Shouldn’t this be part of the Procedure for Identification of Requirement?
  3. No. 27. Document Code A.12.2, Change Management.  Should this be marked as Mandatory?
  4. No. 32. Document Code A.15.1, Supplier Security Policy. Should this be marked as Mandatory?  I noticed No.33, Security Clauses for Suppliers and Partners is checked as Mandatory. Shouldn’t this be part of the Supplier Security Policy?
  5. No. 34. Document Code A.16, Incident Management Procedure, Under the Relevant Clauses in the Standard, one of the controls display as A.6.1.2, should this be A.16.1.2?
  6. No. 57. Document Code 10, Internal Audit Procedure. Should this be marked as Mandatory?  I noticed No. 58, Appendix 1 is checked as Mandatory.  Shouldn’t this be part of the Internal Audit Procedure?
  7. No. 63. Document Code 12, Procedure for Corrective Action. Should this be marked as Mandatory?  I noticed No. 64, Appendix 1 is checked as Mandatory.  Shouldn’t this be part of the Procedure for Correction Action?
0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 29, 2021

For questions 1 to 4, and 6 to 7, please note that there are no clauses in the Standard, nor controls from Annex A, requiring these procedures and policies to be documented, but the related annexes are mandatory because at least one of the related clauses or controls requires the information they contain to be recorded, providing evidence that these clauses and controls are implemented. Related policies and procedures are included in the toolkit because they are commonly implemented as good practice.

Regarding question 5, you are correct, and we apologize for this mistake. The reference must be indeed A.16.1.2, nor A.6.1.2.

For further information about mandatory documents, please read:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 29, 2021

Mar 29, 2021

Suggested Topics