SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

What to do with legacy documents & materials

  Quote
Guest
Guest user Created:   Feb 15, 2022 Last commented:   Feb 15, 2022

What to do with legacy documents & materials

1 - I am looking at our options in regards to planning a roll out of an information classification and retention policies and tools to withing our organization to help users identify, classify, and protect sensitive data and assets for ISO 27001. Currently we have been filing all our information haphazardly in Dropbox. No standards. No management of the Dropbox folders ... so it's a mess. With 27001 we plan to setup a new structure in Dropbox and migrate/convert the Company documents/assets into the ring-fenced folders, and then freeze the existing Dropbox folders, with a long term objective of sun-setting the content. Is there a tried and tested method for this task. We have limited resources so it will take time to do. 2 - My other question is, will the auditors want to look at the legacy materials. Our aim is to put an ISO stake in the ground and have all relevant / supporting PowerX docs filed in the new folder structure. For ISO 27001 we will use Dropbox as the DMS, but will most likely migrate to alternative Apps/Software, such as Conformio in 2023.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 15, 2022

1 - I am looking at our options in regards to planning a roll out of an information classification and retention policies and tools to withing our organization to help users identify, classify, and protect sensitive data and assets for ISO 27001.

Currently we have been filing all our information haphazardly in Dropbox. No standards. No management of the Dropbox folders ... so it's a mess. With 27001 we plan to setup a new structure in Dropbox and migrate/convert the Company documents/assets into the ring-fenced folders, and then freeze the existing Dropbox folders, with a long term objective of sun-setting the content.

Is there a tried and tested method for this task. We have limited resources so it will take time to do.

To build a structure that is sound for your business you can consider at least these approaches:

  • organize documents by organizational units (i.e., which areas need access to which documents)
  • organize documents by processes (i.e., which documents need to be accessed to cover related steps to deliver a defined result – e.g., documents related to payroll)
  • organize documents by roles (i.e., which people needs access to which documents)

Considering that, you should follow these steps:  

  1. list all documents that need to be accessed
  2. identify the documents according to defined criteria
  3. create specific folders to group documents that have similar criteria

The toolkits you’ve bought are an example of the organization by process (from document management to corrective actions). You can use them to organize your documents, or as a template to build your own structure.

2 - My other question is, will the auditors want to look at the legacy materials. Our aim is to put an ISO stake in the ground and have all relevant / supporting PowerX docs filed in the new folder structure. For ISO 27001 we will use Dropbox as the DMS, but will most likely migrate to alternative Apps/Software, such as Conformio in 2023.

Auditors will be looking for legacy materials only if they are previous versions of documents being used by the time of the audit, to check if document management criteria related to change control are being fulfilled (e.g., document review, change control, etc.).

For example, if your current Access control policy is an update of a legacy Access control policy, the auditor may want to see this document. On the other hand, if the legacy documents include a Backup policy related to a technology that was discontinued by the time the implementation of the ISMS started, there is no need to access this document.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 15, 2022

Feb 15, 2022

Suggested Topics