1 KiB
1 KiB
In total there are 16 pieces of documented information that every ISMS must create and maintain in order to be eligible for certification.
| Title | Type | Clause | Title | Type | Clause |
| Scope of the ISMS | Mandatory | 4.3 | Results of information security risk treatment | Mandatory | 8.3 |
| Information security policy | Mandatory | 5.2 | Results of monitoring and measurement | Mandatory | 9.1 |
| Information security risk assessment process | Mandatory | 6.1.2 | Audit programme | Mandatory | 9.2 |
| Information security risk treatment process | Mandatory | 6.1.3 | Audit results | Mandatory | 9.2 |
| Statement of applicability (SoA) | Mandatory | 6.1.3 | Results of management reviews | Mandatory | 9.3 |
| Information security objectives | Mandatory | 6.2 | Nature of nonconformities and any subsequent actions taken | Mandatory | 10.2 |
| Evidence of competence | Mandatory | 7.2 | Results of any corrective action | Mandatory | 10.2 |
| Evidence for processes being carried out as planned | Mandatory | 8.1 | |||
| Results of information security risk assessments | Mandatory | 8.2 |