Professional Documents
Culture Documents
Note: The documentation should preferably be implemented in the order in which it is listed here.
The order of implementation of documentation related to Annex A is defined in the Risk Treatment
Plan.
Number Document name
in the
package
0.
1.
Project Plan
2.
2.1.
3.
4.
5.
5.1.
5.2.
5.3.
6.
Statement of Applicability
7.
Mandatory
according to ISO
27001
Page 1 of 5
Mandatory
according to ISO
27001
8.
(Annex A controls)
8.
A.6
8.
A.6
8.
A.7
Confidentiality Statement
8.
A.7
8.
A.8
Inventory of Assets
8.
A.8
8.
A.8
8.
A.9
8.
A.9
8.
A.10
Page 2 of 5
8.
A.11
8.
A.11
8.
A.11
8.
A.12
8.
A.12
8.
A.12
8.
A.13
8.
A.14
ISO/IEC A.14.1.2,
A.14.1.3, A.14.2.1,
A.14.2.2, A.14.2.5,
A.14.2.6, A.14.2.7,
A.14.2.8, A.14.2.9,
A.14.3.1
8.
A.14
Appendix Specification of
Information System Requirements
Mandatory
according to ISO
27001
Page 3 of 5
8.
A.15
8.
A.15
8.
A.16
8.
A.16
8.
A.17
9.
10.
10.1.
10.2.
10.3.
11.
12.
12.1.
Mandatory
according to ISO
27001
*The listed documents are only mandatory if the corresponding controls are identified as applicable
in the Statement of Applicability.
ver 3.1, 2015-03-25
Page 4 of 5
Page 5 of 5