Introduction
In this tutorial we are going to cover ISO 27001 Documented Information.
You will learn
- What ISO 27001 Documented Information is
- How to implement ISO 27001 Documented Information
The Ultimate ISO 27001 Toolkit
All of the ISO 27001 Documentation you need is in the ultimate ISO 27001 Toolkit.
Designed to fast-track and provide everything that is required, in the format that is required.
Implementation Guide
The requirement is that you need documents. The ISO 27001 Toolkit contains all of the documents that you do need.
You can take a look at the ISO 27001 Toolkit, and if you want to know what those documents are, rather than have me regurgitate existing content, take a look at the video The Grand Tour of the ISO 27001 Toolkit.
The point here is that the standard wants the documents required by the management system.
The note it gives us here is that the extent of the documented information can differ depending on size.
You are going to have your documentation based on
- your size
- your activity
- your products
- your services
- the complexity of who you are
- your processes
- and the competency of persons.
ISO 27001 Creating and Updating Documented Information
The Requirement
When creating and updating documented information the organisation shall ensure appropriate identification and description – e.g. a title, a date, an author or a reference number. It will ensure appropriate format, language, software, version, graphics and media and it will review and approve for suitability and adequacy.
How to implement it
If you have followed any of my videos, you will have seen that all of my documents have
- Version Control
- Classification
- Document Owner
- Last Review Date.
You’re going to make sure that you have all that in place. You’re going to make sure that you review and approve your documentation on a periodic basis and at least annually.
Documented information required by the information security management
The Requirement
Documented information required by the information security management system (ISMS) and by this document shall be controlled to ensure it is available and suitable for use, no brainer, where and when it is needed, of course, and it is adequately protected, of course, from loss of confidentiality, improper use or loss of integrity. For the control of documented information the organisation shall address the following activities as applicable – distribution, access, retrieval and use, storage and preservation, control of changes, and retention and disposal. Documented information of external origin determined by the organisation to be necessary for the planning and operation of the information security management system (ISMS) shall be identified as appropriate and controlled.
How to implement it
Control your documentation. Make sure you’re putting it on your document storage and that you’re following your usual access control. You will make sure
- you’re backing it up
- it is appropriate
- your version control is correct
- that you’re keeping your revision history.
Nice, easy, control of documentation.
Documents and Record Policy
You will implement a topic-specific documents and record policy.
Implementation Summary
What I would say here is that this is a full page of information that does not really tell you very much. You know how to manage documents, you know how to store them, you know how to grant access, you know how to back them up. Disaster recovery, you know that. What might be new to you here is document markup with the version control, the classification and the document owner. That’s fine: make sure that your documents have that, and make sure that you have a process of approval in place.
Get a copy of the ISO 27001 Toolkit. Look through the ultimate guide and the ISO 27001 Documents Grand Tour video, which shows you what documents you need. As a minimum, grab yourself a copy of the document and records policy, which shows you the bare minimum of what you need to do.
ISO 27001 Documented Information Training Video
If you prefer to watch rather than read you can watch: How to implement ISO 27001 Clause 7.5 Documented Information | Step-by-Step Guide