Expert Advice Community

ISO27001 General Question

Created:   Nov 18, 2020 Last commented:   Nov 18, 2020


How do external auditing firms (for ISO27001 certification) view clients who call “Standard Operating Procedures” Policies? We both know there is a clear difference between Policies, Procedures, and Guidelines. However, this firm calls SOPs policies, and in most cases it looks like it.

What’s your perspective?


Expert
Rhand Leal Nov 18, 2020

Provided the documentation fulfills the requirements of the audit criteria, auditing firms consider what organizations call their documentation irrelevant for audit purposes.

For example, a backup policy can include both the guidelines to plan backup and recovery activities (e.g., periodicity, technology, etc.) and the step-by-step activities to perform backup and recovery.

This article will provide you with a further explanation of document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
