Internal and external issues, requirements of interested parties
We are BPO organization and external auditor marked us following NC "Internal and External Issues are addressed in Risk Assessments which can be more clearly established. Also the requirements of Interested parties can be further elaborated." How can we overcome on above mentioned NC?
Basic requirements and documents of ISO 22301
Appendix 4: Examples of disruptive incidents scenarios
Difference between information asset and IT asset?
Difference between total risk and residual risk
Standard for protection of personally identifiable information
ISO 27001 - Document Control on non-ISMS documentation
Hello,
As per our document control procedure, we have the following requirement
1. Document Information block
2. Approval block
3. Change History block
4. Distribution block
5. Document Coding
6. Classification
I would like to know that whether for non-ISMS documents authored by various departments requires all these information blocks or only "document coding" and "classification" is sufficient.
I believe it is not necessary for all the departments to follow single template for documentation apart from document coding and classification.
Please suggest.
Regards.