I do have some questions related to the implementation of ISO 27001. For example, we already have a document control procedure based on ISO 9001; do I update it to reflect ISO 27001, or have a standalone document control procedure based on ISO 27001? I do need this clarification.
Thank you, I have read the reply and I may not have explained the question clearly.
My question is not regarding the actual numbering as much as the difference in the requirements of the two standards, which will lead to writing specific documents and a control procedure for the documents and records related to the security of information.
There is a difference in the actual document and record control procedure according to ISO 27001 vs. ISO 9001.
1- The approval process of these documents is carried out by a specific responsibility, e.g. the information security manager.
2- The actual documents have a level of confidentiality which affects the publishing and distribution of these documents.
3- Records have to have permission from the responsible person for retrieving any sensitive information.
For these reasons, I believe I may have to write a new document and records control procedure to accommodate these specific requirements for the sensitive information/documents.