Submitting records for approval
Just getting started writing policy for ISO 27001. I have completed the Context, Requirements and Scope document. Is it better to move on and create/finish more documents and approve/distribute all at once with management or start document approvals now risking updates/adjustments as more progress is made?
First, it is important to note that, for the documents you mentioned, only the ISMS scope and list of requirements documents are mandatory for ISO 27001.
Considering that, there are some core documents that must be developed and approved before you start writing other documents. For example, the ISMS scope must be approved before other documents are written. Another example is that risks must be identified, and treatment for the relevant ones defined, and the Statement of Applicability (SoA) must be approved, before documents related to security controls are written.
This article will provide you with a further explanation about ISO 27001 mandatory documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
This material will provide you with a further explanation of the order in which to develop and approve documents:
- Project checklist for ISO 27001 implementation (MS Word) https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 29, 2021