SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Handling documents of external origin

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

Handling documents of external origin

I have a question. For the PROCEDURE FOR DOCUMENT AND RECORD CONTROL, is section 4 really needed? It seems odd to track incoming packages, every single piece of email, etc. I'm also unfamiliar with the concept of an incoming mail register.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 13, 2016

Could this section be scoped only to related records of external origin? I'm not sure how relevant this is for what we manage. I work for a cloud software company, so we're mostly managing documentation and artifacts related to our infrastructure.

Thanks for any feedback or examples of how others have handled this.

Answer:

In its clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS. So basically you have to decide what's important, so you might control notifications about the vulnerabilities, communication with your clients related to security issues, etc. In other words, you don't have to control everything.

Incoming m ail register is not a mandatory document, you can simply have a table where you register who received some important external document, or where such document is stored.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2016

Jan 13, 2016

Suggested Topics