Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Document and Record Control Procedure for ISO 9001 and ISO 27001

...the local NGO has ISO9001 in place and I am thinking to refer the Document and Record Control Procedure to the existing ISO9001. The ISO9001 documents are not in English, but the ISMS document is in English, and ISO9001 does not classify the information in general but ISMS will classify the information, so can I still refer the document control to the ISO9001 Document and Record Control Procedure? OR I need to establish a new documented procedure by itself?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

You can use your existing Procedure for Document Control for both ISO 9001 and ISO 27001, because ISO 9001 has the same requirements as ISO 27001 when it comes to document control. See also: ISO 27001 implementation: How to make it easier using ISO 9001 https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/ - the fact that you have two different languages does not matter either.

If you want to define the rules for information classification, you should do it in a separate policy - this is usually called Information Cl assification Policy - see also: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community