I am delighted to be able to start implementing the ISO 27001 standard. I have several questions as I begin to complete your documents:
1. In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", I have to choose between ISMS and SMCA.
When filling out the "PROJECT PLAN", I read one of your comments "Delete this text and the table if business continuity management is not part of the project."
Can we do both with your kit? Does choosing the ISMS automatically include the SMCA?
2.In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", we must define the Title of a post ensuring the conformity of the documents.
We are 5 in the company. I am the founder and I took charge of the file. Should I put my name, my post of "President" or other.
Can I put my role in this "Quality Manager" project?
Assign topic to the user
1. In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", I have to choose between ISMS and SMCA.
When filling out the "PROJECT PLAN", I read one of your comments "Delete this text and the table if business continuity management is not part of the project."
Can we do both with your kit? Does choosing the ISMS automatically include the SMCA?
I’m assuming that by SMCA you mean Système de Management de la Continuité des Activités
Considering that, the FR ISO 27001 Documentation Toolkit you bought can be used only to implement ISO 27001. What happens is that some templates in the ISO 27001 Documentation Toolkit are also used for ISO 22301 implementation, but your toolkit does not have all templates for implementing ISO 22301 (this is not an automatic choice, you need to choose the toolkit according to your specific needs).
For implementing both ISO 27001 and ISO 22301 you will need the ISO 27001 & ISO 22301 Premium Documentation Toolkit (this toolkit contains all templates designed for both ISO 27001 and ISO 22301): https://advisera.com/27001academy/fr/boite-a-outils-iso-27001-iso-22301-premium/
2.In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", we must define the Title of a post ensuring the conformity of the documents.
We are 5 in the company. I am the founder and I took charge of the file. Should I put my name, my post of "President" or other.
Can I put my role in this "Quality Manager" project?
ISO 27001 does not specify how to identify responsibilities in documents, but common practice is to use job titles, so in case a person is replaced you do not need to update the document.
Considering your case, if the "Quality Manager" role will be used after the project is concluded then you can use it. If not you should use the “President” role.
Comment as guest or Sign in
Aug 18, 2022