Guest post Created: Jan 13, 2016 Last commented: Jan 13, 2016

ISO 27001 - Document Control on non-ISMS documentation

Hello, As per our document control procedure, we have the following requirement 1. Document Information block 2. Approval block 3. Change History block 4. Distribution block 5. Document Coding 6. Classification I would like to know that whether for non-ISMS documents authored by various departments requires all these information blocks or only "document coding" and "classification" is sufficient. I believe it is not necessary for all the departments to follow single template for documentation apart from document coding and classification. Please suggest. Regards.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 13, 2016

In accordance with the clause "7.5.3 Control of documented information" : "Documented information required by the information security management system and by this International Standard shall be controlled...". So it is not necessary that non-ISMS documents follow the control of documented information, although from my point of view can be a best practice. So, "document coding", "classification", "Change history block", "distribution", etc. are not strictly necessary for non-ISMS documents, but can be useful and a best practices for your business.

This article can be interesting for you "Document management in ISO 27001 & BS 25999-2" : https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 13, 2016

Expert Advice Community