Toolkit content

Guest user Created:   Dec 14, 2017 Last commented:   Dec 14, 2017


I bought the 27001 toolkit docs and I am looking in Annex A. It seems to be missing 5 and 18? Can you explain why those 2 controls are not documented?

Expert
Rhand Leal Dec 14, 2017

Answer: Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control – for those companies this large number of documents would be overkill for many of them. Instead, a single template may cover multiple controls and requirements.

The controls from section A.5 Information security policies are covered in many policies provided in the toolkit (e.g., Information security policy, Access control policy, Acceptable use policy, Backup policy, etc.), and the control related to their review is implemented in the Management Review Minute template (one input is the review of items that can impact the ISMS, such as policies).

The controls from section A.18 Compliance are covered in the following documents: Procedure for Identification of Requirements, and List of Legal, Regulatory, Contractual and Other Requirements – you'll find them in folder 02 “Procedure for identification of requirements”.

In the root folder of the toolkit you'll find a document called “List of Documents” which will explain which control is covered by which document.

This article will provide you with further explanation about mandatory documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Guest
matt20122 Dec 14, 2017

But these are the only 2 groups missing? That answer doesn't really make sense in that context - why are those 2 specific control groups missing? Would like a more detailed explanation of why out of 14 groups those 2 were deemed worth leaving out. This is labelled as expert advice! Thanks.

Expert
Dejan Kosutic Dec 14, 2017

I'm sorry about this confusion.

The documents from sections A.5 and A.18 are not missing from the toolkit - you can find them here:
- A.5 - all the documents from folder "08_Annex_A" cover the requirements about information security policies (A.5.1.1) and review of the policies (A.5.1.2)
- A.18 - these documents are covered in the toolkit in folder "02 Procedure for identification of requirements"

By the way, the ISO 27001 Documentation Toolkit is sold in more than 100 countries worldwide, and we never received a complaint that some document was missing.
