Record Control Table and Approved Supplier List
Do we have to keep a record control table and approved supplier lists? Please advise.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
You do not need to have a record control table as a separate document, but you do need to have a record control table within each policy or procedure where you require certain records to be created - this record control table is already included in all the document templates in Conformio.
For further information, see:
- Records management in ISO 27001 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Regarding approved supplier lists, ISO 27001 does not require this record to be kept, so it would be a management decision to keep such a record in case it considers relevant to their processes.
Comment as guest or Sign in
Oct 13, 2022