Expert Advice Community

Guest

Creating, reviewing, and approving documents

  Quote
Guest
Guest user Created:   Apr 14, 2022 Last commented:   Apr 14, 2022

Creating, reviewing, and approving documents

Who shall create, review, and approve documents (i.e., policies and procedures) for ISO 27001? The practice in our organizations is that all Corporate Service Unit Heads that would be affected by the documents need to sign will be "Endorsers" for the documents. I would like to propose that they minimize number of approvers. But I need justification for the proposal. I just need a justification for reducing number of signatories for the documents so that the routing would be lessen. I mean the governance team would be the signatories instead of a lot in the list.
0 2

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 14, 2022

Except by the top-level Information Security Policy, which is required to be approved by top management, ISO 27001 does not prescribe who needs to create, review, and approve documents for ISO 27001, so organizations can define these roles as best they fit their needs.

Considering that, operationally speaking, you can justify that the reduction of the number of signatories will make the approval process more efficient.

Good practice is that one person from the top management approves the document, and a couple of relevant people review the document before it is approved - this makes the process faster, and the documents better.

For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 14, 2022

Apr 14, 2022

Suggested Topics

Guest user Created:   Jun 10, 2024 ISO 27001 & 22301
Replies: 1
0 0

Non-mandatory documents

Brad Created:   Apr 22, 2024 ISO 27001 & 22301
Replies: 1
0 0

Custom Edit Documents