Documentation Requirements of the new standard (ISO/IEC 27001:2013)

The much-awaited new standard ISO/IEC 27001:2013 was released on 25th September. This is the first revision made to the standard in 8 years. The new standard is more focused and aligned to the organization's objectives. As this buzz goes on in the industry, there is also much confusion over the implementation of this standard. I would like to put forth my comments on the documentation requirements from the perspective of the newly released standard.

Even though the new standard ISO/IEC 27001:2013 requires some mandatory documents (such as IS Policy, IS Scope, etc.), not much has changed from the old standard's documentation requirements. One needs to maintain all the IS procedure documents and records of implementation as evidence. Hence I have listed the documents which I feel an organisation is required to have to implement Information Security. Also please note that the documents required should not be limited to this list, and the organization should maintain other documents as per the environment of its information security implementation.

1) IS Policy
2) IS Scope
3) IS Objective
4) Risk Assessment Process
5) Risk Treatment Process
6) Risk Assessment & Treatment Reports
7) Statement of Applicability
8) Internal Audit Procedure
9) Corrective Action Procedure
10) Information Security Metrics
11) Document Control Procedure
12) ISMS Operating Procedures
13) Communication Procedure
14) Contractual & Regulatory Requirements
15) Security Incident Management Procedure
16) Acceptable Usage Policy
17) Information Classification & Handling Procedure
18) Documented Records
19) Security Roles, Responsibility & Competency document
20) Management Review Records
