Steering committes for a smaller company
Assign topic to the user
Answer: Yes you can combine them in one document; actually ISO 27001 does not require any of these bodies so you can organize them any way you wish, or you can decide not to have such a body at all - smaller companies usually do not have such committees.
Do we have to creat processes diagram such as internal audit process?
Answer: No, you to not have to draw the diagrams because ISO 27001 does not require you do to so; the standard does require you to have a process for internal audit, and it is a best practice to write a procedure for it.
Comment as guest or Sign in
Jan 12, 2016