Scribd
Upload
55 views

Isms 27001 03 Control of Documents

This document outlines procedures for controlling documentation related to an Information Security Management System (ISMS). It describes procedures for approving, issuing, reviewing, updating, revising and maintaining control of ISMS documents and records. The goal is to ensure that only current and approved versions of documents are in use and obsolete versions are properly identified and stored. Responsibilities for preparing, approving, and issuing documentation at different levels are defined.

Uploaded by

Vino Artix
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
55 views

Isms 27001 03 Control of Documents

This document outlines procedures for controlling documentation related to an Information Security Management System (ISMS). It describes procedures for approving, issuing, reviewing, updating, revising and maintaining control of ISMS documents and records. The goal is to ensure that only current and approved versions of documents are in use and obsolete versions are properly identified and stored. Responsibilities for preparing, approving, and issuing documentation at different levels are defined.

Uploaded by

Vino Artix
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

DOC No: ISMSP

COMPANY NAME Issue No:00

LOGO INFORMATION SECURITY MANAGEMENT


Date: DD/MM/YYYY
Revision No:00

SYSTEM PROCEDURE Date: DD/MM/YYYY


Page 1 of 4

4. CONTROL OF DOCUMENTS

1. PURPOSE
To ensure that all ISMS documents are controlled by
a. Issuing them when authorized and ensuring their adequacy before approval
b. Reviewing, updating when necessary and re approving them
c. Changing in an authorized manner
d. Making available at the correct place of use
e. Ensuring their Legibility, identification, indexing & codification
f. Listing and preserving documents of external origin
g. Preventing unintended use of obsolete documents

2. SCOPE
This procedure covers approval, issue and change of the following documents and
Data:
- ISMS Manual
- ISMS Procedure
- Formats
-

3. RESPONSIBILITIES
The responsibility for maintaining this procedure is as detailed in table 1:

4. PROCEDURE
All levels of documents under the ‘ISMS’ shall be controlled to ensure satisfactory
performance and operation. All level 4 documents generated during the course of
the operation of the ISMS shall be written legibly and shall be properly filed. All
these files shall be numbered.
DOC No: ISMSP
COMPANY NAME Issue No:00

LOGO INFORMATION SECURITY MANAGEMENT


Date: DD/MM/YYYY
Revision No:00

SYSTEM PROCEDURE Date: DD/MM/YYYY


Page 2 of 4

a) Issue and Approval:


The MR shall ensure that only approved documents are issued to the user as
“control Copies” as per the ‘Distribution List’. This formal issue to the specified
individuals or location shall be done to ensure availability of relevant documents at
the respective places of use. All issues shall be recorded in the document issue
record and acknowledgement taken. The ‘ISMS’ manual shall be issued in full to all
personnel listed in the distribution list, but ht procedures and instructions shall be
issued, based on whether the particular procedures or instructions are applicable to
the concerned personnel’s area of work. All approved formats shall be available for
use but shall not be issued.

The manual, procedures, work instructions, inspection instructions, maintenance


instruction, calibration instructions, specifications and lists issued in separate files
shall have “Contents pages” at the beginning, listing all the documents of the type
available and shall also indicate which of documents have been issued to the
control copy holder and hence available in the control copy file issued.

b) Review, Update & Re-approval:


The first three levels of documents shall bear signatures for ‘Prepared by’ and
‘Approved by’ on all control copies but in the fourth level documents, only master
copies shall be signed for ‘Prepared by’ and ‘Approve by’. After any updations, the
documents shall once again be reviewed and reapproved by the same authority,
which had reviewed and approved the earlier document. All four levels of ‘ISMS’
documents shall be reviewed and approved by the following authorities at UI

Level Prepared by Approved by


1 Management Representative MD
2 Management Representative MD
3 Management Representative MD
4 Management Representative MD
DOC No: ISMSP
COMPANY NAME Issue No:00

LOGO INFORMATION SECURITY MANAGEMENT


Date: DD/MM/YYYY
Revision No:00

SYSTEM PROCEDURE Date: DD/MM/YYYY


Page 3 of 4

c) Changes and revision status identification:


Any person at XXXXX can initiate change in any level of document. By requesting
the change, the change suggested and its justification. This shall be forwarded to
the MR through the concerned area head or process owner. The MR will discuss
the change suggested and if found appropriate, shall modify the document
incorporating the change. After this the changed document shall be reapproved by
the same authority, which had reviewed and approved the earlier documents. The
changes could be initiated based on difficulties encountered; possibility of better or
improved practices, internal audits, external audits, etc.

d) Revision status:
Only those pages, which are amended or revised, shall be replaced and
corresponding obsolete pages withdrawn. The nature of change shall be
recorded in the amendment data record. The modified document shall be issued
and recorded in the document issue record.
After changes have been made, obsolete document and if the changes have
been initiated by an observation / Non Conformance Report NCR then this also,
shall be marked with a common number at the top right corner to inter-relate the
documents.

e) Documents of external origin:


The documents of external origin taken under control shall be entered in the list
of external origin documents, which include ‘National & International Standards’,
‘Customer Drawings’ and ‘Operation & Maintenance Manuals of Equipment’
(retained for reference only). The national & international standards shall be
verified for amendments or revision at-least once every year for ensuring
availability of latest amendments and revisions.
DOC No: ISMSP
COMPANY NAME Issue No:00

LOGO INFORMATION SECURITY MANAGEMENT


Date: DD/MM/YYYY
Revision No:00

SYSTEM PROCEDURE Date: DD/MM/YYYY


Page 4 of 4

f) Obsolete:
Whenever revised documents are formally issued to users, the corresponding
obsolete documents shall be withdrawn and destroyed. The formal handling over
of the current issue shall be recorded in the same format as for document issue.
One copy of all withdrawn documents shall be retained for knowledge purpose.
For this purpose the ‘MASTER COPY’ of the documents that became obsolete
shall be extracted from the master file and after striking off with pen across the
master copy stamp, and stamping them ‘SUPERSEDED COPY’, shall be shifted
to the obsolete documents file

5. RECORDS
SL.NO. DOC NO DOCUMENT/RECORD MAINTAINED BY
1. MLD Master list for Issue of PO
documents
2. MLED Master list of External origin PO
documents
Table1

Sl No Document Preparation Approval Issuing authority


1 ISMS Policy MR MD MR
2 ISMS manual MR MD MR
ISMS MD
3 Procedure MR MR
4 Format MR MD MR

You might also like