Major obstacles in the implementation of ISO 27001 and ISO 22301 and how to overcome them. How do I know which documents are required for ISO 27001 or ISO 22301?
Well, it’s pretty easy to find out which documents are required. The ones detailed in ISO 27001 are these:
- Scope of the ISMS
- Information security policies and objectives
- Risk assessment and risk treatment methodology
- Statement of Applicability
- Risk treatment plan
- Risk assessment report
- Definition of security roles and responsibilities
- Asset inventory
- Acceptable use of assets
- Access control policy
- Operating procedures for IT management
- Secure engineering principles
- Security policy for suppliers
- Procedure for incident management
- Business continuity procedures
- Legal, regulatory and contractual requirements
This report gives a detailed explanation of each of these documents: List of mandatory documentation required by ISO 27001 (Revision 2013).
And this is the list of required documents for ISO 22301:
- Procedure for identification of applicable legal and regulatory requirements
- Scope of the BCMS and explanation of exclusions
- Business continuity policy
- Staff competencies
- Communication with stakeholders
- Process for business impact analysis and risk assessment
- Business continuity procedures
- Incident response procedures
- Procedures to restore and restart activities from temporary measures
You can read more about these documents, as well as about the required records, in the following report: List of mandatory documentation required by ISO 22301.