1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Should a policy contain the ISO Annex A control name?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Arjun Nayak, Jul 8, 2021.

Tags:
?

Should a policy contain the ISO control name?

  1. Yes, include the Annex A control name in the policy document

  2. No, do not mention the Annex A control name in the policy document

Results are only viewable after voting.
  1. Arjun Nayak

    Arjun Nayak New Member

    Joined:
    Jul 8, 2021
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello - We are implementing ISO 27001 on a small organization.

    When formulating a new policy is it good practice to include the ISO Annex A Control number and name in a separate section in the policy itself?

    Thinking this would help us to keep track of which controls are covered in a certain policy.

    Please let me know your thoughts. Thanks!
     
    Arjun Nayak, Jul 8, 2021
    #1
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I wouldn't, as a rule, connect anything to/from an ISO standard through such references. Do it in a separate list or spreadsheet for simple tracking. Although the Annex SL for ISO Management standards, such as 27001 and 9001 etc may not change much/often, it will still cause unnecessary work for someone, one day.
     
    Andy Nichols, Jul 9, 2021
    #2
    Arjun Nayak likes this.
  3. Lennart Ljungh

    Lennart Ljungh Member

    Joined:
    May 23, 2017
    Messages:
    8
    Likes Received:
    3
    Trophy Points:
    2
    Location:
    Gräddö, Sweden
    As @Andy Nichols says, it may cause a future problem. I can't see a benefit referring to the controls in a policy. Why not add a document reference column in tha SOA?
     
    Lennart Ljungh, Jul 10, 2021
    #3
    Arjun Nayak likes this.