Documents of external origin
Answer: ISO 27001 expressly requires you to control external documents that are important for your ISMS - for example, these could be agreements, official correspondence with your clients and/or with government agencies, manuals you receive with the tools or equipment you use, etc.
A mail register as such is not required, but you need to know where these external documents are and who is responsible for them.
Dejan,
Thank you, that makes sense.
I'm reading 27001 clause 7.5 and it says "Documented information of external origin, determined by the organization to be necessary...". It sounds like I should define what external documents are necessary to be tracked, correct? Would section 4 of the "Procedure for document record control" document be the right place to do that?
In your Procedure for document control you should specify only some general principles for controlling your external documents - e.g. who handles them, who decides whether they are necessary or not, etc. I wouldn't recommend that you specify which external documents are to be controlled in the Procedure because you would have to change your procedure too often.
Jan 12, 2016