Guest user Created: Apr 08, 2017 Last commented: Apr 08, 2017

Procedure for document control and ISO 27002 controls

Re 27002 code of practice. would it matter if i listed my document control procedure as an asset under 8. Asset Management or as an operational security measure 12 Operations Security? what is best

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Apr 08, 2017

Answer: Actually, procedure for document control is related to the management part of information security - i.e. it is related to the main part of ISO 27001, and not to security controls listed in ISO 27002.

So in my opinion, it wouldn't make sense to try to fit it anywhere in ISO 27002 controls - document control belongs to the management part of information security.

These articles will help you:
- ISO 27001 vs ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

These materials will also help you regarding document management:
- book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free o nline training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 08, 2017

Expert Advice Community