The auditor has indicated that there are a number of 2021 policies where we cannot demonstrate per date stamping in Conformio that the policies are valid/current in 2022. we don't want to change anything in the policies (e.g., information security policy), but how can we demonstrate that an older policy is still valid in 2022 given it is date stamped 2021.
Assign topic to the user
I’m assuming that by date stamping you are referring to the version and date information included in the footer of each document.
In order to prove that the documents are still valid, you can show the auditor that these documents were reviewed by the document owner and considered fit for purpose without the need for changes.
As the evidence of review, you can show to the auditor that the document owner receives a periodic task to review and make changes (if necessary) every “x” months depending on what is defined in the properties within the document. The tasks look like this: https://prnt.sc/-8VvUNAzNGMJ
To access the list of tasks, please access the link “Responsibility Matrix” in the left panel on the Conformio Main screen. From there you can filter the task with “Recurring tasks”.
For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
Comment as guest or Sign in
Aug 03, 2022