Managing records kept on the basis of documents

Nika | Created: Jan 18, 2021 | Last commented: Jan 20, 2021

Hi Advisera,

A lot of records (e.g. Risk Treatment table, or SoA) that should be created and managed should be according to templates in PDF format. I understand that. But there is a version history in Office365, so that we can check whether there were some unauthorized changes. Is that enough, I mean storing the records in Excel or Word form, not PDF, but with a version history turned on?

Expert
Rhand Leal Jan 20, 2021

Although ISO 27001 requires the storage of specific documents and records (clause 7.5.3 d), and that changes on them are controlled (clause 7.5.3 e), it does not prescribe how to store them or control changes on them, so organizations are free to define the methods that best suit their needs.

Considering that, storing documents in Excel or Word form is acceptable by the standard. However, the version history feature in Office365 may not be sufficient, because it can help detect an unauthorized change, but cannot prevent it. To make your solution more robust, you can limit the users that can edit a document to a small group of users.

These articles will provide you a further explanation about documentation management:

These materials will also help you regarding documentation management:
