How to manage documents according to ISO 27001 and ISO 22301

Documents play an important role in any business. As a means to deliver or store information, documents help people and organizations show and understand what is needed, what to deliver, what to do, and how to do it, supporting the achievement of desired objectives and outcomes.

So, ensuring that documents are managed effectively is a process that should be considered carefully by organizations. But how best to do that? This article will present how to handle documents in the context of ISO 27001 and ISO 22301, the leading standards for information security and business continuity.

How must documents be managed according to ISO 27001 and ISO 22301?
  • Distribution, access, retrieval, and use requirements
  • Storage and preservation requirements
  • Control of changes
  • Retention and disposition requirements

What are documents?

The ISO 27001:2013 and ISO 22301:2019 standards speak about documents in the context of documented information – where documents refer to both information required by the standards (e.g., ISMS Scope and Information Security Policy), and those defined as needed by the organization so it can operate (i.e., support policies, procedures, plans, and other similar documents that need to be written).
Documents can be in various forms – paper documents, text or spreadsheet files, video, audio files, etc. Not only must an organization manage internal documents (for example, various policies, procedures, project documentation, etc.), but also external documents (for example, different types of correspondence, documentation received with equipment, etc.).

Here you’ll find a list of all mandatory documents according to these two standards: List of mandatory documents required by ISO 27001 (2013 revision) and Mandatory documents required by ISO 22301 – these articles identify the minimum documentation you need to maintain if you want to comply with these two standards, as well (Read more...)

*** This is a Security Bloggers Network syndicated blog from ISO 27001 & ISO 22301 Blog – 27001Academy authored by ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)