Concern points 4 and 5 of document procedure for document and record
Good morning, these items refer to the registration of incoming mail, and for me the purpose of these processes is not very clear. I would like to understand a little more about the subject. Thanks.
Regarding section 4, please note that in clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS, and this section defines how you fulfill this requirement. External documents are any documents not owned or controlled by an organization that are required for its operation, either mandatory or voluntarily adopted. Examples of external documents to be controlled are laws (e.g., SOX and EU GDPR), standards and regulations (e.g., ISO 27001 itself), and documents and records from customers, suppliers, and partners (e.g., contracts, service agreements, product/service specifications, operation manuals, etc.).
Regarding section 5, it defines how the incoming mail register is stored and protected. The incoming mail register is not a mandatory document, so you can simply have a table where you register who received some important external document, or where such a document is stored.
This article can provide you with additional information:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
This material will also help you regarding control of documents:
- Free video tutorial that you received as part of your toolkit: How to Write ISO 27001/ISO 22301 Document Control Procedure
This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Apr 13, 2021