As ISO27001 states it is about protecting the confidentiality, integrity and availability of our information and data, all our Document Management Systems are in our ISMS scope. Therefore, I am struggling to understand why in the Procedure of Document and Records Control it only refers to documents and records, as information and data are not just in documents and records. Information and data are also within content held on pages that we have on Confluence. So, in my mind, the Procedure for Document and Records Control should be the Procedure for Document, e-content pages and Records Control.
I have chosen the use of e-content pages as a term here for the sake of creating something in the absence of knowing an alternative, but that may not be the most recognised or best term to use. What would you propose? e-page? e-content page? information e-page?
My understanding is that information and data held within content on a Confluence page is not a record, as the information provided within the e-content on the Confluence page can be added to and edited. It is not a document as it is not in a recognised document format such as Word, PDF, Excel, PowerPoint.
Please note that broadly speaking, documents and records are media where information is stored/written, the difference between them being that one can be updated and the other cannot.
Considering that, Confluence pages also can be considered documents or records, and you can use the procedure for document and record control as it is to also manage them. To cover this situation you can define that documents are those on physical and Word, PDF, Excel, PowerPoint, and web page format.
In case you have more questions about documents/records management, I suggest you schedule a call to clarify all the issues you have. This is the link to schedule a call with one of our experts: https://advisera.com/27001academy/consultation/
Sep 19, 2020