How to treat an ISMS document that is due for review
Assign topic to the user
Answer: Once you perform the review, you just have to make some kind of a record that this job is done - you can e.g. send an email to the CISO (or other person coordinating the ISMS) that you have performed the review and have nothing to change. In other words, you record nothing in the Revision History, but still you did make some other record about the job.
In the Next Scheduled Review Date section you simply state the next date - probably in one year time.
These articles may also help you:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Thank you so much for this answer. It is exactly what I was looking for. In my case, I will record it by listing all the docs due for review in our ticket management system and simply comment next to each one. In the case of docs not requiring change, I will just say "Reviewed but no changes were necessary. It will however be reviewed again next year 201x".
Comment as guest or Sign in
Aug 03, 2016