Guest user Created: Jan 13, 2016 Last commented: Jan 13, 2016

Handling documents of external origin

I have a question. For the PROCEDURE FOR DOCUMENT AND RECORD CONTROL, is section 4 really needed? It seems odd to track incoming packages, every single piece of email, etc. I'm also unfamiliar with the concept of an incoming mail register.

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 13, 2016

Could this section be scoped only to related records of external origin? I'm not sure how relevant this is for what we manage. I work for a cloud software company, so we're mostly managing documentation and artifacts related to our infrastructure.

Thanks for any feedback or examples of how others have handled this.

Answer:

In its clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS. So basically you have to decide what's important, so you might control notifications about the vulnerabilities, communication with your clients related to security issues, etc. In other words, you don't have to control everything.

Incoming m ail register is not a mandatory document, you can simply have a table where you register who received some important external document, or where such document is stored.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 13, 2016

Expert Advice Community