I have a question regarding the below mandatory requirement:
Records of training, skills, experience and qualifications (clause 7.2)
Is it for every staff at the company to list the qualifications or is it only for those that are involved in implementing ISO27001 Project?
These records are required for those who perform work that can impact information security performance, so they cover not only those involved in implementing ISO27001 Project, but also in the Information Security Management System, operation, maintenance, and improvement.
This article will provide you with a further explanation of competencies: