ISO 27001 - Document Control on non-ISMS documentation
Assign topic to the user
In accordance with the clause "7.5.3 Control of documented information" : "Documented information required by the information security management system and by this International Standard shall be controlled...". So it is not necessary that non-ISMS documents follow the control of documented information, although from my point of view can be a best practice. So, "document coding", "classification", "Change history block", "distribution", etc. are not strictly necessary for non-ISMS documents, but can be useful and a best practices for your business.
This article can be interesting for you "Document management in ISO 27001 & BS 25999-2" : https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
Comment as guest or Sign in
Jan 13, 2016