Handling documents of external origin
Could this section be scoped only to related records of external origin? I'm not sure how relevant this is for what we manage. I work for a cloud software company, so we're mostly managing documentation and artifacts related to our infrastructure.
Thanks for any feedback or examples of how others have handled this.
Answer:
In its clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS. So basically you have to decide what's important, so you might control notifications about the vulnerabilities, communication with your clients related to security issues, etc. In other words, you don't have to control everything.
An incoming mail register is not a mandatory document; you can simply have a table where you register who received some important external document, or where such a document is stored.
Jan 13, 2016