In the Conformio implementation step "Procedure for document and record control" the document Purpose states "This procedure is applied to all documents and records related to the ISMS", how can I change that?
However the Requirements sections reads "You may choose whether these rules apply only to information security policies, procedures, plans and records, or to the documentation for your whole company."
How do I change the document to reflect that?
Assign topic to the user
Please note that there is no need to change the text in the procedure to reflect what is stated in Conformio description of the document.
ISO 27001 requires documents and records related to the ISMS to be controlled, so the procedure needs to have the text "This procedure is applied to all documents and records related to the ISMS" as it is.
If you want to apply the same rules outside of the ISMS, you can do it, but there is no need to change this sentence in the procedure.
Comment as guest or Sign in
Oct 07, 2023