Document control
Please advise on the following:
For our document control and storage:
We have created area called:
ISMS Documents, which has 2 sub folders:
a. Confidental Folder
B Non Confidential Folder
We have external contracts, and then we have our contracts, which is created internally.
All our contracts are stored under "Non Confidential/Contracts". Would we need to be able to identify internal from external.
How does one manage this, as internal needs to follow history change table, where as external, is dependent is controlled from the external party
Assign topic to the user
ISO 27001 requires that documents from an external origin relevant to the ISMS be identified and controlled, but it does not define how, so organizations are free to implement the approach that better suits them. Internal and external contacts can share the same identification approach, but as a good practice you should consider different ways, so you can track them more easily, especially if you have more contracts from one type than the other.
Regarding change control, what generally happens with contracts is that changes on them are included as annexes, pointing out which clauses have been included, excluded, or changed, so you do not need to use a tablet to perform change control.
This article will also help you regarding document management and ISO 27001:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
These materials will also help you regarding document management and ISO 27001:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
May 20, 2020