Document control procedure
Assign topic to the user
Answer: The section "Reference documents" is used to list any document in the company used to define document control. These may be, for example, a documented decision from top management, an internal policy, or an industry regulation.
To identify documents to be referred in the document control procedure, you must identify which requirements, internal or external, the business must fulfil regarding documentation control.
In the toolkit you bought you have access to video tutorials that will help you filling the document control procedure.
2 - We are an IT company (a webhosting provider). Do you have documents and / or recommendations for an industry like this (what are mandatory documents and what not)? Already saw the mandatory documents list.
Answer: ISO 27001 was designed to be easily used by organizations from any industry, so mandatory documents won't change much because you are a webhosting provider - we have lots of clients that are in the same business and there was no need to have any extra security documents.
These articles will provide you further explanation about document control:
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
These materials will also help you regarding document control:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 04, 2017