Answer: This 2017 version refers to the British version of ISO 27001 (the BS EN ISO/IEC 27001:2017), which does not include any change that impacts requirements defined by the ISO 27001:2013, so there is no need to update the toolkit.
2. In particular, I miss, of course, Chapter 18 of Appendix 27002.
In addition, I miss further documents which are requested in the appendix of the ISO; as examples, these come to mind first:
· Contact with authorities
· Contact with special interest groups
I will continue to look at the package. Maybe then I will have more questions.
Answer: First of all, sorry for this confusion.
The documents from section A.18 are not missing from the toolkit – you can find them here:
- A.18 – these documents are covered in the toolkit in folder “02 Procedure for identification of requirements”
Not every control needs to be documented, and to avoid unnecessary administrative work the toolkit includes only all the mandatory and all the most common documents.
In the root folder of the toolkit you'll find a document called “List of Documents” that explains which control/clause is covered by which document, and which documents are mandatory.
In case your implementation requires the mentioned controls, or other controls not covered by the toolkit, you can contact us by email or schedule a meeting and we can provide the support to develop these documents.