As part of *** ISO 27001 implementation, I thoroughly reviewed the ‘List_of_documents_ISO_27001_Documentation_Toolkit_EN’ file attached that was included within the toolkit and mapped out which Annex A controls were covered by the template documents in the toolkit. I’ve recorded this in the ‘Toolkit Annex A Controls’ file attached for reference. It would have been useful if I didn’t have to manually gather this information myself, but that is not the point of this email.
My biggest concern is that there appear to be 34 Annex A controls that are not covered by the toolkit, despite the toolkit being advertised as ‘All required ISO 27001 documents’ as shown below.
Can you please advise on this matter as soon as you’re able so that I can proceed accordingly?
With 34 Annex A controls not being covered, that seems like a lot, and I worry that when our business is audited for ISO 27001, we will fail due to so many missing controls.
Any guidance or clarity you could provide on this will help my peace of mind greatly. I’m on a tight deadline to have 27001 and 9001 implemented and certified by the end of June this year, hence me purchasing the toolkits for both to cut down the number of hours required.
Please note that by “All required ISO 27001 documents” we mean that our ISO 27001 Documentation Toolkit covers all mandatory documents and some documents that are not mandatory. The controls you listed do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company.
Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution.