thank you for your reply and your colleagues comments.
I am still unsure about the external Documents and the acceptable handling thereof.
Our Servicedesk registers documents within its tracking system.
Do I need to keep an explicit record or may I argue that I can request any registered document from our Servicedesk?
I require advice which external documents are required for the ISMS. Your colleague wrote:
“Examples of external documents are laws and regulations you need to comply with, documentation sent by your customers or suppliers, etc.
The identification of such documents can be made during identification of ISMS requirements and risk assessment.”
The only external documents that we identified as pertaining to our ISMS might be the auditors reports and certificates.
Which “identification of ISMS requirements and risk assessment.” Is your colleague referring to?
I leave my questions at that,
I am looking forward to some clarification and will continue from that.