I am currently working through the Scope document for the ISO27001 audit, and had a quick question regarding the scope document, but really all of them. There are many sections of the documents that describe the purpose of the document, and I was wondering if there is anything I NEED to delete off of the documents for the audit itself? Or am I okay to just fill in the information for my company, and leave the rest?
Please note that each template is already fully compliant with the standard, so you won’t have problems with the audit if you only customize the templates where indicated by the comments included in each template.
The comments in the templates inform where you need to customize the document according to your needs (i.e., include, alter, or exclude information).
Please avoid altering parts of the document where there are no comments available because this can cause the document to become non-compliant with the standard.