Which clauses must be covered with particular documents?
Assign topic to the user
What is needed for ISO 27001 certification?
Answer:
The article you are referencing to lists the minimum of the documents you need to have. However, in most cases you will need to implement some other documents as well, because this will be required by the situation in your company - here's the article that will help you with such decisions : 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
We have written our policies and procedures in such a way that makes it easy for you to delete any part of them - when you read this template for Acceptable Use Policy, you will find comments saying e.g. "Delete this section if you marked control xyz as inapplicable" - this means you have to assess if a particular control is needed for you, and if not you can simply delete a part of the document that describes it.
This article will help you with understanding the logic of when you can mark a control as applicable or not: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
This article you might also find useful: How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
These materials will also help you regarding selection of controls and documenting them:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
- Conformio (online ISO 27001 tool) https://advisera.com/conformio/
Comment as guest or Sign in
Dec 19, 2016