Created: Apr 14, 2020 Last commented: Apr 20, 2020

A12.1.1. Documented operating procedures

Hi, I am struggling to understand the concept and information you would document to satisfy the A12.1.1. Documented operating procedures control. Everything that we have identified in the risk assessment and included in the SoA is going to be documented witin the releveant procedural docs that we create. I really don't understand what is the relevance of aforementioned control

Tags: Documented operating procedures

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Apr 17, 2020

The purpose of control A.12.1.1 is to make it clear that all structured activities for any control from section A.12 need to be documented.

To use example of control A.12.1.2 (Change management) - if you have any kind of established process for managing changes for your operational systems, then you must document them (e.g. in the form of a procedure) because of control A.12.1.1; if you have only some unstructured activities for A.12.1.2, then you do not need to document them.

Quote

0 0

Guest

Ric Grime Apr 20, 2020

So i this case is it ok to just say yes in the SOA, because i will havesome documented procedures, and for justification I will namethe procedures in the SoA? no need to wite a more specific doc regarding 12.1.1?

As always thank you, you guys are the best and templates very helpful

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 14, 2020

Apr 20, 2020

Expert Advice Community