Expert Advice Community

Toolkit content

Guest user Created:   Nov 20, 2017 Last commented:   Nov 20, 2017

1 - Document: Project plan

Expert
Rhand Leal Nov 20, 2017

We are a small team. Can I remove the following sections:

"The project manager will prepare a project implementation report on a monthly basis and forward it to the project sponsor"

4 Managing records kept on the basis of this document
Record name: Project implementation report (in electronic form)
Storage location: Shared folder for project-related activities
Person responsible for storage: Project manager
Control for record protection: Only the project manager is authorized to edit data
Retention time: The report is stored for a period of 3 years

Answer: The toolkit templates are fully customizable, so you can edit them to fit your organization's needs (if you note, the sentence about the project implementation report already has a comment orienting that it can be deleted if considered unnecessary).

Regarding section 4 (Managing records kept on the basis of this document), if your organization is going for certification, you should keep this section, since this document will be a part of the ISMS documentation and the standard requires that document information is controlled. Otherwise, you can exclude this section too (but we strongly recommend that you keep it, since even without going for certification the control of document information is important to organizations).

2 - Why would we need to print and sign documents? Can we not have online sign-off be sufficient?

Answer: Only in very specific situations should you need to print and sign documents (e.g., when demanded by law or contracts). In most cases the digital version will be enough, and even when you are asked for a printed copy, usually it will not need to be signed.

3 - Would you expect us to have a document code? Is that necessary?

Answer: Document code is a common way organizations adopt to organize and control documentation, but it is not mandatory according to ISO 27001, so you do not have to create one if your organization does not see reason to.

Included in the toolkit you bought you have access to video tutorials that will help you write the project plan and the document control procedure.

These materials will also help you regarding documentation:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/