Expert Advice Community

Apply procedure for document and record control only to information security policies in Conformio?

  Quote
Henrik Created:   Sep 29, 2023 Last commented:   Oct 07, 2023

Apply procedure for document and record control only to information security policies in Conformio?

In the Conformio implementation step "Procedure for document and record control" the document Purpose states "This procedure is applied to all documents and records related to the ISMS", how can I change that?

However the Requirements sections reads "You may choose whether these rules apply only to information security policies, procedures, plans and records, or to the documentation for your whole company."

How do I change the document to reflect that?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 07, 2023

Please note that there is no need to change the text in the procedure to reflect what is stated in Conformio description of the document.

ISO 27001 requires documents and records related to the ISMS to be controlled, so the procedure needs to have the text "This procedure is applied to all documents and records related to the ISMS" as it is.

If you want to apply the same rules outside of the ISMS, you can do it, but there is no need to change this sentence in the procedure.

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Sep 29, 2023

Oct 07, 2023