SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

DMS/Apps - information/content delineation questions

  Quote
Guest
Guest user Created:   Feb 23, 2022 Last commented:   Feb 23, 2022

DMS/Apps - information/content delineation questions

We are trying to understand / get a clear definition of the delineation between DMS and Application information/content, Background Currently we use Dropbox, Fibery Collaborative Docs & Whiteboards, and HubSpot to store company documentation and files. The content of each is not managed in anyway and has grown organically. For our ISO 27001 DMS our intention is to use a new separate folder area within Dropbox to store the ISO Documents are records, and related PowerX documents, and use a Register (spreadsheet) to list all assets and provide a hyperlink to the folder where they are stored. Questions 1. What we are getting confused over is, what information/content can stay in Fibery and Hubspot (and other Collaborative apps like Confluence – which we will be using) and what we need to move into the DMS.  Is there any guidance on how to approach this? For example, if we leave ISMS related content in Fibery and point the hyperlink to the content is that OK ... 2. Another question is, most 3rd party apps provide features to create documents. For example, Fibery has a document function to create docs to their standards. However, they do not have the fields to store many of the ISO Document standards, like control info. and classification type. And access can be open to anyone authorised. Would it be fair to say, that any ISMS related documents and records should not be stored in such an App. ?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 23, 2022

1. What we are getting confused over is, what information/content can stay in Fibery and Hubspot (and other Collaborative apps like Confluence – which we will be using) and what we need to move into the DMS.  Is there any guidance on how to approach this? For example, if we leave ISMS related content in Fibery and point the hyperlink to the content is that OK ...

ISO 27001 does not prescribe where to store documents and files, so organizations can adopt the approach that better suits their needs, provided the standard’s requirements for creation, update, and control of documents are fulfilled.

Considering that, your approach of leaving ISMS-related content in Fibery and pointing the hyperlink to the content is acceptable, provided you fulfill the standard’s requirements for the creation, update, and control of documents.

For further information, see:

2. Another question is, most 3rd party apps provide features to create documents. For example, Fibery has a document function to create docs to their standards. However, they do not have the fields to store many of the ISO Document standards, like control info. and classification type. And access can be open to anyone authorised. Would it be fair to say, that any ISMS related documents and records should not be stored in such an App. ? 

Your understanding is correct. You should avoid the use of apps that cannot allow document management according to ISO 27001 requirements.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 23, 2022

Feb 23, 2022

Suggested Topics

Guest user Created:   May 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Toolkit questions

Guest user Created:   May 15, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio expert questions