Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Documents and records

All organization's documents should be structured as the mandatory documents of ISO 27001 (containing level of confidentiality, document management and validity of the document), or all documents e.g. a slide show, Minutes of meeting, contracts, tests report , etc?

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

The first thing is that you have to differentiate between documents and records, they are not the same thing. A document can be a procedure, a methodology, a plan, etc. A record can be result of internal audit, result of management review, logs, etc. So, the difference is that a document describes actions, whereas a record is the result (and evidences for auditors) of actions performed.
Second thing, you have to read this article to know what are the list of mandatory documents and records that you need in the ISO 27001 (also you can see Non mandatory documents) List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community