As ISO27001 states it is about protecting the confidentiality, integrity and availability of our information and data, all our Document Management Systems are in our ISMS scope. Therefore, I am struggling to understand why in the Procedure of Document and Records Control it only refers to documents and records as information and data are not just in documents and records. Information and data are also within content held on pages that we have on Confluence. So, in my mind, the Procedure for Document and Records Control should be the Procedure for Document, e-content pages and Records control.
I have chosen the use of e-content pages as a term here for the sake of creating something in the absence of knowing an alternative, but that may not be the most recognised/or best term to use. What would you propose? e-page? e-content page? information e-page?
My understanding is that information and data held within content on a Confluence page, is not a record as the information provided within the e-content on the Confluence page can be added to and edited. It is not a document as it is not in a recognised document format such as word, pdf, excel, PowerPoint.