ISO 27001 Implementation Guidance: ISMS Structure
One misconception that I hear most often is that ISO 27001 implementation requires the creation of hundreds of information security policies and procedures. There are many toolkits available, and they contain a fairly large number of documents, which reinforces this idea. It is simply not the case. The list of documents required is actually fairly small.
The following diagram shows a complete set of documentation that could support ISO 27001 certification.
The simpler your Information Security Management System (ISMS) is, the easier it is to maintain. And the fewer documents you have, the easier it is for your employees to find the information they need.
Don't overcomplicate things. Keep it simple.