Copying documents
Assign topic to the user
From your question is not clear whether the question is about audit documents (e.g., audit plans, audit checklists, etc.) or auditee documents, so this answer will cover both alternatives.
For audit documents the auditors have their own templates which they use as they see fit.
Regarding auditee documents, document copy for non-audit purposes is strictly forbidden (very often documents are copied and sent to the auditor when a remote audit is performed), because the document does not belong to the audit area, and when the audit is performed on other organization, in general there is a confidentiality agreement signed with the customer.
Thanks.
My question is from the point of implementing. In the question I came across, there was not option that stated clearly that it was forbidden to copy documents from other organizations.
The best 2 options were..
1. To make the Implementation Faster..
2. To use as a start point for implementing a new ISMS in and organisation.
I was looking out for an option that says such practices is wrong... So my reason for bringing the question to the experts.
I’m assuming the question you refer to is about the usefulness of using ISMS documents from other organizations on your own.
Considering that, the correct answer is that documents from other organizations are only useful as a starting point for developing your own.
This is so because documents from other organizations will not be adjusted to your context, so they can become too bureaucratic, or not provide proper security.
There wasn’t an alternative stating that it was forbidden to copy documents from other organizations because this is not always true. You may have access to documents from other organizations because they are of public nature, or because you may have some sort of agreement you have with them.
Comment as guest or Sign in
Sep 20, 2021