Electronic File/Folder structure SOP

ISO 27001, like other ISO management standards, has requirements for document and records management you can use to define how to create, approve, review, distribute, and communicate them, among other things.

Considering electronic documents and records, if the quantity of them is not so big you can consider organizing them in folders identified by each section of the standard which requires them (e.g., in folder named "Information Security Policy" you can store the Information security policy, in folder "Risk assessment and Treatment" you can store documents and records related to the risk management process, etc.)

If the quantity of documents is big, you should consider a document management solution (you can see an example of such solution in our platform Conformio at this link: https://advisera.com/conformio/)

For physical records, you should consider a central cabinet to store them, adopting a folder structure similar to the electronic documents.

To see how a procedure to control documents and records compliant with ISO 27001, please take a look at the free demo of this template: https://advisera.com/27001academy/documentation/procedure-for-document-and-record-control/

These articles will provide you a further explanation about document and record management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding document and record management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/