Document lay-out
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
In general, related documents (doesn’t matter in which way they exist (paper document, electronically, inside the information system etc.) from section 4 do they have to be compliant with the things we defined in the [policy for information classification]?
Answer:
The change log form, as well as any other document or record that is part of the ISMS, must be labelled accordingly the Information Classification Policy, as well as to follow the guidelines defined in the Procedure for Document and Record Control (sections 3.1 and 3.5), so the organization does not incur in a non conformity.
Of course, in the Information Classification Policy you may choose to exclude certain type of documents or records from being labelled, in order to make operations with those documents and records more easily. However, in such case you should assess if this would create some unacceptable risks.
These articles will provide you further explanation about document control and labeling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Comment as guest or Sign in
Oct 21, 2018