Mandatory Documented Information as per ISO 27001:2013 (Information Security Management System)

Rupit Oct 10, 2019 4880 2

There are 14-1 Documented Infomation those are mandated by ISO 27001:2013 i.e. Information Security Management System (ISMS).

The list of mandatory documented information is as follows:-

Mandatory Documented Information as per ISO 27001:2013
Clause		Mandatory DI
4.3	Determining the scope of the information security management system	Scope of ISMS
5.2	Policy	Information Security Policy
6.1.2	Information security risk assessment	Information security risk assessment process
6.1.3	Information security risk treatment	Information security risk treatment process
6.2	Information security objectives and planning to achieve them	Objectives of ISMS and planning
7.2	Competence	DI as evidence of competence
7.5	Documented information	Documented information (Mandatory and As per organizaion`s requirement)
8.1	Operation planning and control	DI to have confidence that operations are carried out as planned
8.2	Information security risk assessment	DI of the results of the information security risk assessment
8.3	Information security risk treatment	DI of the results of the information security risk treatment
9.1	Monitoring, measurement, analysis and evaluation	DI as evidence of the monitoring and measurement result
9.2	Internal audit	DI as evidence of audit programme(s) and the audit results
9.3	Management review	DI as evidence of results of management reviews
10.1	Nonconformity and corrective action	DI as the evidence of f) nature of nonconformities and any subsequent actions taken, and g) results of corrective action