SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Control procedure

  Quote
Guest
Guest user Created:   Oct 26, 2021 Last commented:   Oct 27, 2021

Control procedure

I do have some questions related to implementation of the ISO27001, for example we already have document control procedure based on the ISO 9001 do I update it to reflect the ISO 27001 or have a standalone document control procedure based on the ISO 27001. I do need this clarification
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 26, 2021

You can use your existing Procedure for Document Control for both ISO 9001 and ISO 27001 because ISO 9001 has the same requirements like ISO 27001 when it comes to document control.

For further information, see:

This material will also help you regarding ISO 27001 document management:

Quote
0 0
Guest
Guest user Oct 27, 2021

Thank you, I have read the reply and I may not have explained the question clearly.

My question is not regarding the actual numbering as much as the difference in the requirements of the two standards, which will lead to write a specific documents and control procedure for the documents and records related to security of information.

There is a different in the actual document and record control procedure according to the ISO 27001 v ISO 9001.

Namely :

1- The approval process of these documents is carried out by specific responsibility, e.g information security manager.

2- The actual documents have level of confidentiality which effect the publishing and distribution of these documents.

3- Records have to have permission from the responsible person for retrieving any sensitive information.

For these reasons I believe I may have to write a new document and records control procedure to accommodate these specific requirements specific for the sensitive information/documents.

Quote
0 1
Expert
Rhand Leal Oct 27, 2021

Writing a new procedure covering the specifics for information security-related documents is acceptable to fulfill ISO 27001 criteria.

Another possibility is you adjust your current document to define the specification for information security. For example, you can write:

  • “QMS documents are approved by [job title responsible for QMS], and ISMS documents are approved by [job title responsible for ISMS]
  • Information Classification levels are applicable only to ISMS documents
  • Permission for retrieving records are applicable only to ISMS documents
Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Oct 26, 2021

Oct 27, 2021

Suggested Topics