Documents and records
Answer: Basically documents refer to information used to plan or define activities, while records are used as evidence of activities done or results achieved. Considering your examples, we have:
Scope: document that defines where the ISMS is applicable.
Information Security policy: document that defines the main rules about information security.
Risk assessment: If you refer to Risk Assessment Methodology, it is a document that defines how to perform a risk assessment. On the other hand, if you refer to Risk Assessment Report, it is a record that evidences the results of a risk assessment.
Training, monitoring and measurement, internal audit: for all these you must be more specific, because if you are referring to a procedure or a policy, you are talking about a document, but if you refer, for example, to a training attendance list, monitoring or internal audit report, you are referring to a record.
This article will provide you further explanation about records in ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
These materials will also help you regarding documents and records in ISO 27001:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Mar 28, 2017