Expert Advice Community

Control procedure

Guest user Created: Oct 26, 2021 Last commented: Oct 27, 2021

I do have some questions related to the implementation of ISO 27001. For example, we already have a document control procedure based on ISO 9001; do I update it to reflect ISO 27001, or have a standalone document control procedure based on ISO 27001? I do need this clarification.
Expert
Rhand Leal Oct 26, 2021

You can use your existing Procedure for Document Control for both ISO 9001 and ISO 27001, because ISO 9001 has the same requirements as ISO 27001 when it comes to document control.

For further information, see:

This material will also help you regarding ISO 27001 document management:

Guest user Oct 27, 2021

Thank you, I have read the reply and I may not have explained the question clearly.

My question is not regarding the actual numbering as much as the difference in the requirements of the two standards, which will lead to writing specific documents and a control procedure for the documents and records related to the security of information.

There is a difference in the actual document and record control procedure according to ISO 27001 vs. ISO 9001.

Namely:

1- The approval process for these documents is carried out by a specific role, e.g. the information security manager.

2- The actual documents have a level of confidentiality which affects the publishing and distribution of these documents.

3- Records require permission from the responsible person for retrieving any sensitive information.

For these reasons I believe I may have to write a new document and records control procedure to accommodate these specific requirements for sensitive information/documents.

Expert
Rhand Leal Oct 27, 2021

Writing a new procedure covering the specifics for information security-related documents is acceptable to fulfill ISO 27001 criteria.

Another possibility is to adjust your current document to define the specifics for information security. For example, you can write:

  • “QMS documents are approved by [job title responsible for QMS], and ISMS documents are approved by [job title responsible for ISMS]
  • Information Classification levels are applicable only to ISMS documents
  • Permission for retrieving records is applicable only to ISMS documents”