Mandatory Documented Information as per ISO 27001:2013 (Information Security Management System)
There are 14-1 Documented Information items that are mandated by ISO 27001:2013, i.e. the Information Security Management System (ISMS).
The list of mandatory documented information is as follows:
Clause | Clause title | Mandatory DI |
4.3 | Determining the scope of the information security management system | Scope of ISMS |
5.2 | Policy | Information Security Policy |
6.1.2 | Information security risk assessment | Information security risk assessment process |
6.1.3 | Information security risk treatment | Information security risk treatment process |
6.2 | Information security objectives and planning to achieve them | Objectives of ISMS and planning |
7.2 | Competence | DI as evidence of competence |
7.5 | Documented information | Documented information (Mandatory and As per organization's requirement) |
8.1 | Operation planning and control | DI to have confidence that operations are carried out as planned |
8.2 | Information security risk assessment | DI of the results of the information security risk assessment |
8.3 | Information security risk treatment | DI of the results of the information security risk treatment |
9.1 | Monitoring, measurement, analysis and evaluation | DI as evidence of the monitoring and measurement result |
9.2 | Internal audit | DI as evidence of audit programme(s) and the audit results |
9.3 | Management review | DI as evidence of results of management reviews |
10.1 | Nonconformity and corrective action | DI as the evidence of f) nature of nonconformities and any subsequent actions taken, and g) results of corrective action |
AIG230820191
Thanks for the important information, Rupit. It would be helpful if you indicate which 1 document may be considered non-mandatory as you started with 14-1 Documents and the list has 14 docs.
sarah_francoise
Amazing content. To understand the steps for implementing ISMS for ISO 27001:2022 certification for the first time, you can visit here: https://punyam.wordpress.com/2023/01/28/steps-for-implementing-isms-for-iso-27001-2022-certification-for-first-time/