List of documents required for ISO 27001:2013

You must document:

Scope (4.3)
Information security policy (5.2 e)
Information security risk assessment process (6.1.2)
Information security risk treatment process, including a risk treatment plan (6.1.3)
Statement of Applicability (6.1.3)
Information security objectives (6.2)
Evidence of competence (7.2)
Documented information “determined by the organisation as being necessary for the effectiveness of the ISMS” (7.5.1 b)
Information necessary to have confidence that the processes required for operational planning and control have been carried out as planned (8.1)
Results of information security risk assessments (8.2)
Results of information security risk treatment (8.3)
Evidence of the information security performance monitoring and measuring results (9.1)
Internal audit programme(s) and the audit results (9.2 g)
Internal audit procedure (ISO 27000:2014, sec. 2.5)
Evidence of the results of management reviews (9.3)
Evidence of the nature of the nonconformities and any subsequent actions taken, and the results of any corrective actions (10.1)

It is also best practice to provide supporting documentation for your chosen Annex A controls. Auditors will need to confirm that each of your organisation’s processes is systematically communicated, understood, executed and effective.