Guest
Procedure for document control - only for ISMS documents?
With regards to the "Procedure for Document & Record Control" document--is this only referring to documents pertaining to the ISMS? In other words, it isn't referring to ALL internal and external documents, programming code (our business is on software development and consulting), invoices, etc. ? We are strictly talking about documents pertaining to the maintenance and guidelines around ISMS--yes?
Assign topic to the user
Expert
Dejan Kosutic
May 12, 2016
Answer:
ISO 27001 requires you to control only your ISMS documents; however if you find this system useful you can use it for all of the internal and external documents in your company.
So it is really up to you to decide to which documents does this procedure refer to - just make sure that you specify this clearly in the procedure.
Comment as guest or Sign in
May 12, 2016
May 12, 2016
May 12, 2016