Mandatory Documented Information as per ISO 27001:2013 (Information Security Management System)

There are 14-1 items of Documented Information that are mandated by ISO 27001:2013, i.e. Information Security Management System (ISMS).

The list of mandatory documented information is as follows:

Mandatory Documented Information as per ISO 27001:2013

| Clause | Mandatory DI |
|---|---|
| 4.3 Determining the scope of the information security management system | Scope of ISMS |
| 5.2 Policy | Information Security Policy |
| 6.1.2 Information security risk assessment | Information security risk assessment process |
| 6.1.3 Information security risk treatment | Information security risk treatment process |
| 6.2 Information security objectives and planning to achieve them | Objectives of ISMS and planning |
| 7.2 Competence | DI as evidence of competence |
| 7.5 Documented information | Documented information (mandatory and as per organization's requirement) |
| 8.1 Operation planning and control | DI to have confidence that operations are carried out as planned |
| 8.2 Information security risk assessment | DI of the results of the information security risk assessment |
| 8.3 Information security risk treatment | DI of the results of the information security risk treatment |
| 9.1 Monitoring, measurement, analysis and evaluation | DI as evidence of the monitoring and measurement result |
| 9.2 Internal audit | DI as evidence of audit programme(s) and the audit results |
| 9.3 Management review | DI as evidence of results of management reviews |
| 10.1 Nonconformity and corrective action | DI as the evidence of: f) nature of nonconformities and any subsequent actions taken, and g) results of corrective action |