Records maintenance
Answer: Regarding software requirements and software design, ISO 27001 has no specific requirement related to what to keep as records. The standard leaves this decision to the organization itself, the only condition being that the defined records are sufficient to ensure the effectiveness of the information security management system. So, your organization does not need to keep records with 100s of lines if this is not needed to ensure that information and security objectives are protected. As an example, you can take a look at the free demo of our Specification of Information System Requirements at this link: https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/
In this demo you will note that the record will be only as big as you need to specify system requirements.
These articles will provide you with further explanation about documented information in ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
These materials will also help you regarding documented information in ISO 27001:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Apr 19, 2017