DMS/Apps - information/content delineation questions
Assign topic to the user
1. What we are getting confused over is, what information/content can stay in Fibery and Hubspot (and other Collaborative apps like Confluence – which we will be using) and what we need to move into the DMS. Is there any guidance on how to approach this? For example, if we leave ISMS related content in Fibery and point the hyperlink to the content is that OK ...
ISO 27001 does not prescribe where to store documents and files, so organizations can adopt the approach that better suits their needs, provided the standard’s requirements for creation, update, and control of documents are fulfilled.
Considering that, your approach of leaving ISMS-related content in Fibery and pointing the hyperlink to the content is acceptable, provided you fulfill the standard’s requirements for the creation, update, and control of documents.
For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
2. Another question is, most 3rd party apps provide features to create documents. For example, Fibery has a document function to create docs to their standards. However, they do not have the fields to store many of the ISO Document standards, like control info. and classification type. And access can be open to anyone authorised. Would it be fair to say, that any ISMS related documents and records should not be stored in such an App. ?
Your understanding is correct. You should avoid the use of apps that cannot allow document management according to ISO 27001 requirements.
Comment as guest or Sign in
Feb 23, 2022