Guest user Created: Aug 03, 2016 Last commented: Aug 03, 2016

How to treat an ISMS document that is due for review

How do I treat an ISMS document that is due for review but has nothing in it to be changed or updated. This mostly has to do with the Revision History and Next Scheduled Review Date section.

0 1

Assign topic to the user

Select user

Expert

Dejan Kosutic Aug 03, 2016

Answer: Once you perform the review, you just have to make some kind of a record that this job is done - you can e.g. send an email to the CISO (or other person coordinating the ISMS) that you have performed the review and have nothing to change. In other words, you record nothing in the Revision History, but still you did make some other record about the job.

In the Next Scheduled Review Date section you simply state the next date - probably in one year time.

These articles may also help you:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

Quote

0 0

Guest

lililaw Aug 03, 2016

Thank you so much for this answer. It is exactly what I was looking for. In my case, I will record it by listing all the docs due for review in our ticket management system and simply comment next to each one. In the case of docs not requiring change, I will just say "Reviewed but no changes were necessary. It will however be reviewed again next year 201x".

Quote

0 2

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 03, 2016

Expert Advice Community