Note: The documentation should preferably be implemented in the order in which it is listed here.
The order of implementation of documentation related to Annex A is defined in the Risk Treatment
Plan.
| No. | Document code | Document name | Relevant clauses in ISO 27001 | Mandatory according to ISO 27001 |
|---|---|---|---|---|
| | 01 | Document Management | | |
| 2 | 02 | Project Plan | | |
| | 03 | Identification of Requirements | | |
| | 04 | ISMS Scope | | |
| | 05 | General Policies | | |
| | 07 | Applicability of Controls | | |
| | 08 | Implementation Plan | | |
| 13 | 09.01 | IT Security Policy | A.5.9; A.5.10; A.5.11; A.5.14; A.5.17; A.5.32; A.6.7; A.7.7; A.7.9; A.7.10; A.8.1; A.8.7; A.8.10; A.8.12; A.8.13; A.8.19; A.8.23 | * |
| 18 | 09.06 | Information Classification Policy | A.5.9; A.5.10; A.5.12; A.5.13; A.5.14; A.7.10; A.8.3; A.8.5; A.8.11 | * |
| 20 | 09.08 | Security Procedures for IT Department | A.5.7; A.5.14; A.5.37; A.7.10; A.7.14; A.8.4; A.8.6; A.8.7; A.8.8; A.8.9; A.8.10; A.8.12; A.8.13; A.8.15; A.8.16; A.8.17; A.8.18; A.8.20; A.8.21; A.8.22; A.8.23; A.8.31; A.8.32 | * |
| 26 | 09.14 | Access Control Policy | A.5.15; A.5.16; A.5.17; A.5.18; A.8.2; A.8.3; A.8.4; A.8.5; A.8.11 | |
| 28 | 09.16 | Secure Development Policy | A.5.33; A.8.11; A.8.25; A.8.26; A.8.27; A.8.28; A.8.29; A.8.30; A.8.31; A.8.32; A.8.33 | * |
| 29 | 09.17 | Appendix 1 – Specification of Information System Requirements | A.8.26 | |
| 30 | 09.18 | Supplier Security Policy | A.5.7; A.5.11; A.5.19; A.5.20; A.5.21; A.5.22; A.5.23; A.6.1; A.6.2; A.6.3; A.8.30 | |
| | 11 | Internal Audit | | |
| | 12 | Management Review | | |
| | 13 | Corrective Actions | | |

*The listed documents are mandatory only if the corresponding controls are identified as applicable
in the Statement of Applicability.
**General roles and responsibilities are described in the Information Security Policy, whereas
detailed roles and responsibilities are specified in each document of this toolkit.