SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

Procedure for document and record control

  Quote
Guest
Atheer AlMartan Created:   Jan 30, 2024 Last commented:   Feb 02, 2024

Procedure for document and record control

Hello,

Good Morning,

could be tell me what do you guys excatly want from the Procedure for document and record control document ? 

in details please + I got couple of questions too, my scope is the whole organization, " This procedure is applied to all documents and records related to the ISMS ", so in my case is it all company's documents ? 

Document approval 

I understood that the CEO must approve all documents and is there something else ?

3.3. Publishing and distributing documents; withdrawal from use

There are some parts conformio is mentioned there I dont thing this is a professional way for the word " confirmo " is written there, " the Conformio platform will automatically inform all employees listed as users of the document by email...."

 

tell me more about record control and also document of external origin what do you want from me exaclty, I could not figure it out.

 

Thank you in advance,

68 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 02, 2024

1. Could be tell me what you guys exactly want from the Procedure for document and record control document? In detail please + I got a couple of questions too, my scope is the whole organization.

The purpose of the Procedure for document and record control is to establish a structured and unified approach for creating, updating, controlling, and protecting documents and records within a company. This ensures that the documented information is available for use, fit for purpose, and adequately protected against damage or loss of integrity and identity. The procedure defines the rules for creating and identifying documents, approving and publishing them, controlling access and distribution, withdrawing outdated documents, and managing updates and changes. It helps provide clarity to all employees on how to manage documents and records, ensuring compliance with ISO standards and facilitating effective information management within the organization.

2. "This procedure is applied to all documents and records related to the ISMS ", so in my case is it all company's documents ?

The organization can decide whether to apply the Procedure only to ISMS related documents, or to all documents in the company scope.

3. Document approval

I understood that the CEO must approve all documents and is there something else?

In a small ISMS scope, it is common practice for the CEO to approve all documents. This is because, in smaller companies, the CEO is usually the top-level management and has the authority to make decisions and approve important documents. However, it is important to note that the responsibility for approving documents can vary depending on the company's size and structure. In mid-size and larger companies, the responsibility for approving documents may be divided between senior management, security officers, and heads of departments. 

4. 3.3. Publishing and distributing documents; withdrawal from use

There are some parts conformio is mentioned there I dont thing this is a professional way for the word " confirmo " is written there, " the Conformio platform will automatically inform all employees listed as users of the document by email...."

First of all, sorry for the confusion.

Conformio is our platform to help organizations implement and operate an ISMS. In the text you mention, our platform will automatically inform users when a new document is published and retrieve old versions.

5. tell me more about record control and also document of external origin what do you want from me exactly, I could not figure it out.

Record control refers to the management of records within an organization. It involves defining how records are created, stored, accessed, retrieved, used, protected, and disposed of. The control of records ensures that they are available when needed, suitable for their intended use, and adequately protected. ISO 27001 requires organizations to have controls in place for the distribution, access, retrieval, and use of records, as well as for their storage, preservation, control of changes, and retention and disposition.

The control of documents of external origin refers to the management of documents that are not owned or controlled by the organization but are necessary for its operation. These external documents can include laws, regulations, standards, contracts, service agreements, product specifications, operation manuals, and more.

To control documents of external origin, the organization should define what are the relevant external documents for the Information Security Management System (ISMS) and who will be responsible for identifying and reviewing them. The frequency of verification should also be established.

One approach to controlling external documents is to have each head of a department responsible for the applicable external document. For example, the Head of the IT department can identify encryption standards for the website as a relevant external document and ensure it is controlled by the company.

It is important to note that external documents can be both physical and electronic. Physical documents can be received at the organization's office or a remote location if necessary. Electronic documents can include emails, digital files, and online resources.

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 30, 2024

Feb 02, 2024