Register of external correspondence
I'm finalizing the procedure for document control and a little bit confused about the section regard external correspondence. It suggests we need a register to document external correspondence, but what does this entail? We currently don't have a process for this.
Is the expectation that any document we receive externally (via email or physically) needs to be documented? If not, what examples of documents would we need to take note of?
Assign topic to the user
Please note that the section regarding external correspondence refers to electronic and physical documents you need for your ISMS that come from external parts like customers, suppliers, regulatory agencies, etc. If an external document is irrelevant to the ISMS, you do not need to control it as an external correspondence.
For example, specifications sent from a customer contracts from a supplier and a law from a government agency. The ISO 27001 standard is an example of an external document required by the ISMS.
For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
Comment as guest or Sign in
Mar 20, 2023