Mandatory documents and records required by ISO 27001:2013

Mandatory documents and records required by ISO 27001:2013

Here are the documents you need to produce if you want to be compliant with ISO 27001: (Please note that documents from Annex A are mandatory only if there are risks which would require their implementation.)
 Scope of the ISMS (clause 4.3)
 Information security policy and objectives (clauses 5.2 and 6.2)
 Risk assessment and risk treatment methodology (clause 6.1.2)
 Statement of Applicability (clause 6.1.3 d)
 Risk treatment plan (clauses 6.1.3 e and 6.2)
 Risk assessment report (clause 8.2)
 Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4)
 Inventory of assets (clause A.8.1.1)
 Acceptable use of assets (clause A.8.1.3)
 Access control policy (clause A.9.1.1)
 Operating procedures for IT management (clause A.12.1.1)
 Secure system engineering principles (clause A.14.2.5)
 Supplier security policy (clause A.15.1.1)
 Incident management procedure (clause A.16.1.5)
 Business continuity procedures (clause A.17.1.2)
 Statutory, regulatory, and contractual requirements (clause A.18.1.1)
And here are the mandatory records:
 Records of training, skills, experience and qualifications (clause 7.2)
 Monitoring and measurement results (clause 9.1)
 Internal audit program (clause 9.2)
 Results of internal audits (clause 9.2)
 Results of the management review (clause 9.3)
 Results of corrective actions (clause 10.1)
 Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)
ISMS certification is not panic now through help of Ascent Inspecta team, kindly contact
@ +91-9867180395 or info@ascentinspecta.com , for more details go through our
website www.ascentinspecta.com

Leave a Reply

Close Menu