Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

ISO27001 General Question

  Quote
Guest
Guest user Created:   Nov 18, 2020 Last commented:   Nov 18, 2020

ISO27001 General Question

How does external auditing firms (for ISO27001 certification) view clients who call “Standard Operating Procedures” Policies?  We both know there is a clear difference between Policies, Procedures, and Guidelines.  However, this firm calls SOP policies, and in most cases it looks like it.

What’s your perspective?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 18, 2020

Provided the documentation fulfills the requirements of the audit criteria, auditing firms consider irrelevant for audit purposes how organizations call their documentation.

For example, a backup policy can include either the guidelines to plan backup and recovery activities (e.g., periodicity, technology, etc.), and the step by step activities to perform backup an recovery.

This article will provide you a further explanation about document management:
-  Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 18, 2020

Nov 18, 2020

Suggested Topics

Guest user Created:   Oct 18, 2019 ISO 27001 & 22301
Replies: 1
0 1

E-mail use

Guest user Created:   Sep 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 implementation