Documented operating procedures (or DOPs) are clear, written guides that explain how to perform a task. They help ensure tasks are done correctly, safely, and in the same way every time. They are often used in business, science, and technology to keep things consistent and reliable.
Examples
- A recipe: A step-by-step guide for baking a cake is a kind of documented operating procedure. It tells you what ingredients to use and what to do with them, ensuring the cake comes out right.
- Safety checklist: A list of steps a pilot follows before takeoff is a DOP. It helps make sure the plane is safe to fly.
- How-to guide: Instructions for setting up a new computer are a DOP. They help the user get everything working correctly without any mistakes.
Context
DOPs are an important part of a company’s workflow, especially when it comes to keeping information safe. They help make sure that employees follow the right steps to protect data, use software correctly, and respond to problems in an organised way. They reduce mistakes and make training new employees easier.
Relevant ISO 27001 Controls
The following controls from the ISO/IEC 27001:2022 standard are related to documented operating procedures:
- ISO 27001 Annex A 5.37 Documented Operating Procedures: This is the main control that requires documented operating procedures to be in place.
- ISO 27001:2022 Clause 7.5.1 Documented Information: This control is the requirement to document the information security management system (ISMS).
- ISO 27001:2022 Clause 7.5.2 Creating and Updating Documented Information: This control is about having clear rules on how to create and update documents.
- ISO 27001 Clause 7.5.3 Control of Documented Information: This controls sets the rules for how to control access to documentation.