Documented Information Requirements
With the release of the new 2013 version of ISO 27001, a modified approach to required documents must be adopted. In the legacy version of the standard, it was explicit in laying out those documents, whether they are procedures, policies, results, or processes that were required by the standard (see ISO 27001:2005, clause 4.3.1). The 2013 version has similar documentation requirements (referenced to as documented information); however, those requirements are not cataloged within the standard but rather spread throughout the individual requirements. We have included those documented information requirements below.