Home / ISO 27001 Glossary of Terms / Documented operating procedures

Documented operating procedures

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Documented operating procedures (or DOPs) are clear, written guides that explain how to perform a task. They help ensure tasks are done correctly, safely, and in the same way every time. They are often used in business, science, and technology to keep things consistent and reliable.

Examples

  • A recipe: A step-by-step guide for baking a cake is a kind of documented operating procedure. It tells you what ingredients to use and what to do with them, ensuring the cake comes out right.
  • Safety checklist: A list of steps a pilot follows before takeoff is a DOP. It helps make sure the plane is safe to fly.
  • How-to guide: Instructions for setting up a new computer are a DOP. They help the user get everything working correctly without any mistakes.

Context

DOPs are an important part of a company’s workflow, especially when it comes to keeping information safe. They help make sure that employees follow the right steps to protect data, use software correctly, and respond to problems in an organised way. They reduce mistakes and make training new employees easier.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to documented operating procedures:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.