Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Documents of external origin

I have a question about something in the "Procedure for document record control" document. Section 4, titled "Documents of external origin". Being such a small shop, I wonder if this is necessary for us. Can you give me an example of what kind of documents are tracked in the mail register?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Answer: ISO 27001 expressly requires you to control external documents that are important for your ISMS - for example, these could be agreements, official correspondence with your clients and/or with government agencies, manuals you receive with the tools or equipment you use, etc.

Mail register as such is not required, but you need to know where these external documents are and who is responsible for them.

Quote

0 0

Guest

Guest post Jan 12, 2016

Dejan,

Thank you, that makes sense.

I'm reading 27001 clause 7.5 and it says "Documented information of external origin, determined by the organization to be necessary...". It sounds like I should define what external documents are necessary to be tracked, correct? Would section 4 of the "Procedure for document record control" document be the right place to do that?

Quote

0 0

Guest

DejanK Jan 12, 2016

In your Procedure for document control you should specify only some general principles for controlling your external documents - e.g. who handles them, who decides whether they are necessary or not, etc. I wouldn't recommend that you specify which external documents are to be controlled in the Procedure because you would have to change your procedure too often.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community