ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
We are a small team can i remove the following sections:
"The project manager will prepare a project implementation report on a monthly basis and forward it to the project sponsor"
4 Managing records kept on the basis of this document
Record name: Project implementation report (in electronic form)
Storage location: Shared folder for project-related activities
Person responsible for storage: Project manager
Control for record protection: Only the project manager is authorized to edit data
Retention time: The report is stored for a period of 3 years
Answer: The toolkit templates are fully customizable, so you can edit them to fit your organization's needs (if you note, the sentence about the project implementation report already has a comment orienting that it can be deleted if considered unnecessary).
Regarding section 4 (Managing records kept on the basis of this document), if your organization is going for certification, you should keep this section, since this document will be a part of the ISMS documentation and the standard requires that document information is controlled. Otherwise you can exclude this section too (but we strongly recommend you to keep it, since even without going for certification the control of document information is important to organizations).
2 - Why would we need to print and sign documents. Can we not have online sign off be sufficient.
Answer: Only for very specific situations you should have the need to print and sign documents (e.g., when demanded by law or contracts). In most cases the digital version will be enough, and even when you are asked for a printed copy, usually it will not need to be signed.
3 - Would you expect us to have a document code? Is that necessary
Answer: Document code is a common way organizations adopt to organize and control documentation, but it is not mandatory according ISO 27001, so you do not have to create one if your organization does not see reason to.
Included in the toolkit you bought you have access to video tutorials that will help you write the project plan and the document control procedure.
These materials will also help you regarding documentation:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 20, 2017