Documented requirements
Many of the requirements for documented procedures have changed from the 2008 version. However, fundamental criteria for the design or structure of documents remain and these include:-
- Approved access or permission levels to use or view documentation
- Controls
- Distribution of documents
- Formats
- Identification of documents
- Retrieval methods
In the standard’s new context of risk management organisations may need to consider how they identify critically important documentation, assess the risk levels, protect their information, maintain confidentiality and allocate responsibility for the use of documentation.
It could be interpreted as a broadening or an extension of the importance of electronic data management contained within the 2008 version and a way of encouraging organisations to pay greater attention to all documentation (information).
However, it may be too early in the implementation phase yet to obtain clear interpretations from auditors on how widely they’ll apply the new requirements for management of documentation. If organisations already have a mature certified system then current documentation requirements should be compliant.