Documents and records management
Hi, we've achieved ISO 27001 and we are in our second year. I'm struggling with how to organize all the evidence, records, and documents so I can access them quickly, especially when an external auditor comes. Any suggestions?
The first important tip for you is to review your current rules defined to comply with clause 7.5.3 (control of documented information). Since you seem to be having a problem with these issues, they may not be properly adjusted to your context.
Considering electronic documents and records, if the quantity of them is not so big, you can consider organizing them in folders identified by each section of the standard which requires them (e.g., in a folder named "Information Security Policy" you can store the Information security policy, in a folder named "Risk assessment and Treatment" you can store documents and records related to the risk management process, etc.).
If the quantity of documents is big, you should consider a document management solution (you can see an example of such a solution in our platform Conformio at this link: https://advisera.com/conformio/).
For physical records, you should consider a central cabinet to store them, adopting a folder structure similar to the electronic documents.
This article will provide you with further explanation about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Nov 07, 2019