Rules for writing and approving documents
Assign topic to the user
Answer: ISO 27001 does not require you to include users of the procedure, however it is easier if you do write this because then you know who to send the procedure to.
If I put "Approved By: ***" (which are my presidents initials) do I have to have him sign them? Or will that be sufficient?
Answer: ISO 27001 does not require the documents to be signed, however they need to be approved according to your Document control procedure.
What about documents? Does he need to approve those as well with a signature?
Answer: The same as previous answer.
Documents should reference a document # as well as the rev# date and appendix correct?
Answer: I'm not sure if I understood your question correctly, however when you write documents you should include their revision number and date; if you want you can add a code to each of your documents; when you refer to other documents, you do not need to mention all these details since this would mean when you change one document you would ne ed to change all the related documents, too.
Only procedures need to be documented as to who has them...not actual documents?
Answer: Procedures are only one type of documents - other documents might be policies, plans, reports, minutes of the meeting, other records, etc. This article will help you: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Comment as guest or Sign in
Jan 12, 2016