Toolkit documentation

I have noticed that there appears to be a number of clauses where there are example templates missing – I assumed when I purchased the ‘premium’ collection this would cover ALL clauses of the standards.

Answer: ISO 27001 does not require each control in Annex A to be implemented, only those deemed necessary as result of risk assessments, legal requirements or organizational decision. To see the required documents by the standard, and the most common documents implemented to support an ISMS, please see this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

For ISO 22301 the situation is the same, the diference being that this standard also considers the busi ness impact analysis information, and you can see the required documents, and the most common documents implemented to support an BCMS in this article: Mandatory documents required by ISO 22301 https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/

Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control – for thos e companies this large number of documents would result in an overkill for many of them. Instead of that a single template may cover multiple controls.

In the root folder of the toolkit you'll find a document called “List of Documents” which will explain which control is covered by which document.

These articles will provide you further explanation about how our templates can handle some controls from section A.6 of ISO 27001 Annex A:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/