SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

A.18.1.3 Protection of Records

  Quote
Guest
Guest user Created:   Apr 29, 2020 Last commented:   Apr 29, 2020

A.18.1.3 Protection of Records

Does the Topic Protection of Records limit to the protection of ISMS documents only? If not, then what other Records of the Company needs to be protected and please suggest some ways of protecting it.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 29, 2020

First is important to note that "ISMS documents" do not refer only to documents required by the standard (such as the Information security policy), but also to any other documents and records your organization sees as relevant to the ISMS defined purpose and objectives, like project specifications, contracts, etc.

Considering that, in case you identify relevant risks or legal requirements (e.g., laws, regulations, or contracts) demanding the implementation of control A.18.1.3 for these other documents, then you must apply the control to them also.

In case the documents and records are not related to the ISMS, you still can apply the control, as a good practice, but they will not have an impact on any certification process.

As for ways of protection of such documentation, some examples are:

  • physical cabinets
  • backup copies
  • digital signatures

The choice of protection will depend on the risks identified during the risk assessment.

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Apr 29, 2020

Apr 29, 2020