
A.18.1.3 Protection of Records

Guest user Created:   Apr 29, 2020 Last commented:   Apr 29, 2020


Is the topic Protection of Records limited to the protection of ISMS documents only? If not, what other records of the company need to be protected? Please suggest some ways of protecting them.

Expert
Rhand Leal Apr 29, 2020

First, it is important to note that "ISMS documents" do not refer only to documents required by the standard (such as the Information security policy), but also to any other documents and records your organization sees as relevant to the ISMS's defined purpose and objectives, like project specifications, contracts, etc.

Considering that, in case you identify relevant risks or legal requirements (e.g., laws, regulations, or contracts) demanding the implementation of control A.18.1.3 for these other documents, then you must apply the control to them also.

In case the documents and records are not related to the ISMS, you still can apply the control, as a good practice, but they will not have an impact on any certification process.

As for ways of protection of such documentation, some examples are:

  • physical cabinets
  • backup copies
  • digital signatures

The choice of protection will depend on the risks identified during the risk assessment.
