Skip to content

ISMS-DOC-07-4 ISMS Documentation Log

Sheet: Guidance

Implementation Guidance This Excel sheet must be removed from the final version of the document.
Design This spreadsheet has been designed using CertiKit's colour scheme. To choose a different table colour scheme, click in the table, select the Table Design menu tab and choose a different style. The same applies to the drop-down menu "slicers" at the top of the screen. Click in one slicer, then hold down the Shift key and click on the rest, one by one. This will select them all. Then click on the Slicer menu tab and choose a different style. You can also create your own table and slicer styles using your own colour scheme to reflect your organization's branding.
Purpose of this document This document acts as a directory for the documents contained within the ISMS.
Areas of the standard addressed The following sections of the ISO/IEC 27001 standard are addressed: 7.5 Documented information
General guidance The Documentation Log provides a summary of the reference numbering scheme used for documents in the Information Security Management System together with their current status. You may decide to hold this information in a system such as a document management system or in a spreadsheet and this is perfectly acceptable as long as the information is readily available. If using this document you must ensure that it is updated when the documents listed in it change; this should be done as part of your change management procedure. Note that the entries in the [TYPICAL] DEFAULT CLASSIFICATION column are initial suggestions only, and will depend upon the classification scheme you decide upon and other factors such as the industry your organization works within.
Review frequency Review this list on a regular basis as part of the management review cycle.
Toolkit version number ISO/IEC 27001 Toolkit Version 12
Copyright notice Except for any specifically identified third-party works included, this document has been authored by CertiKit, and is ©CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.
Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence. If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third party copyright included in this document.
Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use. Therefore please note that it is your responsibility to ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of our document templates, assumes no duty of care to any person with respect its document templates or their contents, and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.

Sheet: Documentation Log

DOCUMENT REF TITLE [TYPICAL] DEFAULT CLASSIFICATION DOCUMENT OWNER CURRENT VERSION REVIEW FREQUENCY NEXT REVIEW DATE
ISMS-DOC-00-1 Information Security Management System PID Restricted
ISMS-DOC-00-2 ISO27001 Benefits Presentation Protected
ISMS-DOC-00-3 Annex A Control Attributes Protected
ISMS-DOC-00-4 ISO27001 Project Plan Restricted
ISMS-FORM-00-1 Certification Readiness Checklist Restricted
ISMS-FORM-00-2 ISO27001 Assessment Evidence Restricted
ISMS-FORM-00-3 ISO27001 Progress Report Restricted
ISMS-FORM-00-4 ISO27001 Gap Assessment Tool Restricted
ISMS-DOC-04-1 Information Security Context, Requirements and Scope Protected
ISMS-DOC-05-1 Information Security Management System Manual Protected
ISMS-DOC-05-2 Information Security Roles Responsibilities and Authorities Protected
ISMS-DOC-05-3 Executive Support Letter Unclassified
ISMS-DOC-05-4 Information Security Policy Protected
ISMS-FORM-05-1 Meeting Minutes Restricted
ISMS-DOC-06-1 Information Security Objectives and Plan Restricted
ISMS-DOC-06-2 Risk Assessment and Treatment Process Protected
ISMS-DOC-06-3 Risk Assessment Report Confidential
ISMS-DOC-06-4 Risk Treatment Plan Restricted
ISMS-DOC-06-5 ISMS Change Process Protected
ISMS-DOC-06-6 ISMS Change Log Protected
ISMS-FORM-06-1 Asset-Based Risk Tool Restricted
ISMS-FORM-06-2 Statement of Applicability Protected
ISMS-FORM-06-3 Scenario-Based Risk Tool Restricted
ISMS-FORM-06-4 Opportunity Assessment Tool Restricted
ISMS-DOC-07-1 Information Security Competence Development Procedure Protected
ISMS-DOC-07-2 Information Security Communication Programme Protected
ISMS-DOC-07-3 Procedure for the Control of Documented Information Protected
ISMS-DOC-07-4 ISMS Documentation Log Protected
ISMS-DOC-07-5 Information Security Competence Development Report Restricted
ISMS-DOC-07-6 Awareness Training Presentation Protected
ISMS-FORM-07-1 Competence Development Questionnaire Restricted
ISMS-DOC-08-1 ISMS Process Interaction Overview Protected
ISMS-DOC-09-1 Process for Monitoring, Measurement, Analysis and Evaluation Protected
ISMS-DOC-09-2 Procedure for Internal Audits Protected
ISMS-DOC-09-3 Internal Audit Plan Restricted
ISMS-DOC-09-4 Procedure for Management Reviews Protected
ISMS-DOC-09-5 Internal Audit Report Restricted
ISMS-FORM-09-1 Internal Audit Programme Restricted
ISMS-FORM-09-2 Internal Audit Action Plan Restricted
ISMS-FORM-09-3 Management Review Meeting Agenda Protected
ISMS-FORM-09-4 Internal Audit Checklist Restricted
ISMS-DOC-10-1 Procedure for the Management of Nonconformity Protected
ISMS-FORM-10-1 Nonconformity and Corrective Action Log Restricted
ISMS-FORM-10-2 ISMS Regular Activity Schedule Protected
ISMS-DOC-A05-1-1 Social Media Policy Protected
ISMS-DOC-A05-1-2 HR Security Policy Protected
ISMS-DOC-A05-3-1 Segregation of Duties Guidelines Protected
ISMS-FORM-A05-3-1 Segregation of Duties Worksheet Restricted
ISMS-DOC-A05-4-1 Information Security Whistleblowing Policy Unclassified
ISMS-DOC-A05-5-1 Authorities Contacts Restricted
ISMS-DOC-A05-6-1 Specialist Interest Group Contacts Restricted
ISMS-DOC-A05-7-1 Threat Intelligence Policy Protected
ISMS-DOC-A05-7-2 Threat Intelligence Process Protected
ISMS-DOC-A05-7-3 Threat Intelligence Report Protected
ISMS-DOC-A05-8-1 Information Security Guidelines for Project Management Protected
ISMS-DOC-A05-9-1 Asset Management Policy Protected
ISMS-DOC-A05-9-2 Information Asset Inventory Restricted
ISMS-DOC-A05-10-1 Acceptable Use Policy Protected
ISMS-DOC-A05-10-2 Internet Access Policy Protected
ISMS-DOC-A05-10-3 Electronic Messaging Policy Protected
ISMS-DOC-A05-10-4 Asset Handling Procedure Protected
ISMS-DOC-A05-10-5 Procedure for Managing Lost or Stolen Devices Protected
ISMS-DOC-A05-10-6 Online Collaboration Policy Protected
ISMS-FORM-A05-11-1 New Starter Checklist Restricted
ISMS-DOC-A05-12-1 Information Classification Procedure Protected
ISMS-DOC-A05-13-1 Information Labelling Procedure Protected
ISMS-DOC-A05-14-1 Information Transfer Procedure Protected
ISMS-DOC-A05-14-2 Information Transfer Agreement Restricted
ISMS-DOC-A05-15-1 Access Control Policy Protected
ISMS-DOC-A05-18-1 User Access Management Process Protected
ISMS-DOC-A05-19-1 Information Security Policy for Supplier Relationships Protected
ISMS-DOC-A05-20-1 Supplier Information Security Agreement Confidential
ISMS-DOC-A05-21-1 Supplier Due Diligence Assessment Procedure Protected
ISMS-FORM-A05-21-1 Supplier Due Diligence Assessment Restricted
ISMS-DOC-A05-22-1 Supplier Information Security Evaluation Process Protected
ISMS-DOC-A05-22-2 Supplier Evaluation Covering Letter Protected
ISMS-FORM-A05-22-1 Supplier Evaluation Questionnaire Restricted
ISMS-DOC-A05-23-1 Cloud Services Policy Protected
ISMS-DOC-A05-23-2 Cloud Services Process Protected
ISMS-DOC-A05-23-3 Cloud Service Specifications Protected
ISMS-FORM-A05-23-1 Cloud Services Questionnaire Restricted
ISMS-DOC-A05-24-1 Incident Response Plan Ransomware Restricted
ISMS-DOC-A05-24-2 Incident Response Plan Denial of Service Restricted
ISMS-DOC-A05-24-3 Incident Response Plan Data Breach Restricted
ISMS-DOC-A05-25-1 Information Security Event Assessment Procedure Protected
ISMS-DOC-A05-26-1 Information Security Incident Response Procedure Protected
ISMS-FORM-A05-27-1 Incident Lessons Learned Report Restricted
ISMS-DOC-A05-30-1 Business Impact Analysis Process Protected
ISMS-DOC-A05-30-2 Business Impact Analysis Report Restricted
ISMS-DOC-A05-30-3 ICT Continuity Incident Response Procedure Restricted
ISMS-DOC-A05-30-4 ICT Continuity Plan Restricted
ISMS-DOC-A05-30-5 ICT Continuity Exercising and Testing Schedule Protected
ISMS-DOC-A05-30-6 ICT Continuity Test Plan Protected
ISMS-DOC-A05-30-7 ICT Continuity Test Report Restricted
ISMS-FORM-A05-30-1 Business Impact Analysis Tool Restricted
ISMS-DOC-A05-31-1 Legal, Regulatory and Contractual Requirements Procedure Protected
ISMS-DOC-A05-31-2 Legal, Regulatory and Contractual Requirements Restricted
ISMS-DOC-A05-32-1 IP and Copyright Compliance Policy Protected
ISMS-DOC-A05-33-1 Records Retention and Protection Policy Protected
ISMS-DOC-A05-34-1 Privacy and Personal Data Protection Policy Protected
ISMS-DOC-A05-34-2 Personal Data Breach Notification Procedure Protected
ISMS-FORM-A05-34-1 Personal Data Breach Notification Form Confidential
ISMS-FORM-A05-34-2 Breach Notification Letter to Data Subjects Confidential
ISMS-DOC-A05-35-1 Information Systems Audit Plan Restricted
ISMS-DOC-A05-36-1 Information Security Summary Card Unclassified
ISMS-DOC-A05-37-1 Operating Procedure Protected
ISMS-DOC-A06-1-1 Employee Screening Procedure Protected
ISMS-FORM-A06-1-1 Employee Screening Checklist Restricted
ISMS-DOC-A06-2-1 Guidelines for Inclusion in Employment Contracts Restricted
ISMS-DOC-A06-4-1 Employee Disciplinary Process Protected
ISMS-FORM-A06-5-1 Employee Termination and Change of Employment Checklist Restricted
ISMS-FORM-A06-5-2 Leavers Letter Restricted
ISMS-DOC-A06-6-1 Schedule of Confidentiality Agreements Confidential
ISMS-DOC-A06-6-2 Non-Disclosure Agreement Confidential
ISMS-DOC-A06-7-1 Remote Working Policy Protected
ISMS-DOC-A06-8-1 Information Security Event Reporting Procedure Protected
ISMS-DOC-A07-1-1 Physical Security Policy Protected
ISMS-DOC-A07-2-1 Physical Security Design Standards Restricted
ISMS-DOC-A07-3-1 Data Centre Access Procedure Protected
ISMS-DOC-A07-4-1 CCTV Policy Protected
ISMS-DOC-A07-6-1 Procedure for Working in Secure Areas Protected
ISMS-DOC-A07-7-1 Clear Desk and Clear Screen Policy Protected
ISMS-DOC-A07-9-1 Procedure for Taking Assets Offsite Protected
ISMS-DOC-A07-10-1 Procedure for the Management of Removable Media Protected
ISMS-DOC-A07-10-2 Physical Media Transfer Procedure Protected
ISMS-FORM-A07-13-1 Equipment Maintenance Schedule Protected
ISMS-DOC-A07-14-1 Procedure for the Disposal of Media Protected
ISMS-DOC-A08-1-1 Mobile Device Policy Protected
ISMS-DOC-A08-1-2 BYOD Policy Protected
ISMS-DOC-A08-3-1 Dynamic Access Control Policy Protected
ISMS-DOC-A08-6-1 Capacity Plan Protected
ISMS-DOC-A08-7-1 Anti-Malware Policy Protected
ISMS-DOC-A08-8-1 Technical Vulnerability Management Policy Protected
ISMS-DOC-A08-8-2 Technical Vulnerability Assessment Procedure Restricted
ISMS-DOC-A08-9-1 Configuration Management Policy Protected
ISMS-DOC-A08-9-2 Configuration Management Process Protected
ISMS-DOC-A08-9-3 Configuration Standard Template Protected
ISMS-DOC-A08-10-1 Information Deletion Policy Protected
ISMS-DOC-A08-11-1 Data Masking Policy Protected
ISMS-DOC-A08-11-2 Data Masking Process Protected
ISMS-DOC-A08-12-1 Data Leakage Prevention Policy Protected
ISMS-DOC-A08-13-1 Backup Policy Protected
ISMS-DOC-A08-14-1 Availability Management Policy Protected
ISMS-DOC-A08-15-1 Logging and Monitoring Policy Protected
ISMS-DOC-A08-16-1 Monitoring Policy Protected
ISMS-DOC-A08-18-1 Privileged Utility Program Register Protected
ISMS-DOC-A08-19-1 Software Policy Protected
ISMS-DOC-A08-20-1 Network Security Policy Protected
ISMS-DOC-A08-21-1 Network Services Agreement Restricted
ISMS-DOC-A08-23-1 Web Filtering Policy Protected
ISMS-DOC-A08-24-1 Cryptographic Policy Protected
ISMS-DOC-A08-25-1 Secure Development Policy Protected
ISMS-FORM-A08-26-1 Requirements Specification Restricted
ISMS-DOC-A08-27-1 Principles for Engineering Secure Systems Protected
ISMS-DOC-A08-28-1 Secure Coding Policy Protected
ISMS-FORM-A08-29-1 Acceptance Testing Checklist Restricted
ISMS-DOC-A08-31-1 Secure Development Environment Guidelines Protected
ISMS-DOC-A08-32-1 Change Management Process Protected