ISO 27701, Clause 5.5.5 – Documented Information

ISO 27701 Controls and Clauses Explained

Book a demo

cropped,image,of,professional,businesswoman,working,at,her,office,via

Document control is a crucial part of any privacy protection system, or indeed any broader information security policy.

Throughout its various standards, ISO recognises document management as an ongoing process that is used to demonstrate adherence both to ISO standards, and the organisation’s own privacy protection objectives.

ISO asks organisations to not merely view documented information as an administrative function, but instead use it as a recurring means to improve privacy protection adherence through the structured storage of guidelines that provide clear direction on PII-related activities.

What’s Covered in ISO 27701 Clause 5.5.5

ISO 27701 5.5.5 deals with documented information through three sub-clauses. Each deals with a different set of privacy and PII specific guidance points that link back to ISO 27001:

  • ISO 27701 Clause 5.5.5.1 – General (References ISO 27001 Control 7.5.1)

  • ISO 27701 Clause 5.5.5.2 – Creating and updating (References ISO 27001 Control 7.5.2)

  • ISO 27001 Clause 5.5.5.3 – Control of documented information (References ISO 27001 Control 7.5.3)

ISO 27701 5.5.5 doesn’t contain any supplementary guidance on PIMS-specific requirements, nor is it particularly relevant to any specific GDPR articles.

Jump to Topic
Achieve ISO 27701 Success

See our platform in action with a tailored hands-on session based on your needs and goals.

Book your demo
img

ISO 27701 Clause 5.5.5.1 – General

References ISO 27001 Control 7.5.1

The organisation’s PIMS should include documented information that:

  • Is required for ISO 27701 and ISO 27001 adherence;

  • Improves the efficiency of the PIMS and accompanying privacy protection systems.

ISO 27701 Clause 5.5.5.2 – Creating and Updating

References ISO 27001 Control 7.5.2

Throughout the process of drafting and amending documentation, organisations should:

  1. Include a clear identifying field, with an accompanying description;

  2. Ensure that documents are formatted correctly and are available from the appropriate sources – both physical and electronic;

  3. Adhere to a structured amendment process that reviews documents based on their ability to convey the relevant information.

ISO 27701 Clause 5.5.5.3 – Control of Documented Information

References ISO 27001 Control 7.5.3

Organisation’s should exercise adequate levels of control and security over their internal document structure that ensures documents are:

  • Accessible, as and when required, by the relevant authorities and/or personnel.

  • Secure and protected against unauthorised use, breach of confidentiality or any other loss of data integrity;

ISO 27701 Control 5.5.5 asks organisations to consider four main activities, when exercising control over privacy protection-related documents:

  1. Distribution (including access and use).

  2. Storage (including document preservation).

  3. Version controls.

  4. Retention.

Alongside the management of internal documents, ISO asks organisations to consider how best to manage their interactions with and control of external documents that are required for the planning and implementation of a PIMS or other privacy/PII-related activities.

Supporting Controls From ISO 27001 and GDPR

ISO 27701 Clause IdentifierISO 27701 Clause NameISO 27001 RequirementAssociated GDPR Articles
5.5.5.1General7.5.1 – General Documentation for ISO 27001None
5.5.5.2Creating and Updating7.5.2 – Creating and Updating Documented Information for ISO 27001None
5.5.5.3Control of Documented Information7.5.3 – Control of Documented Information for ISO 27001None

How ISMS.online Helps

In order to achieve ISO 27701 you must build a Privacy Information Management System (PIMS).

With our preconfigured PIMS you can quickly and easily organise and manage customer, supplier and staff information to fully comply with ISO 27701.

See it in action with by booking a demo.

See ISMS.online
in action

Book a tailored hands-on session
based on your needs and goals
Book your demo

We’re cost-effective and quick

Discover how easy ISO 27701 is with ISMS.online
Get your quote

Explore ISMS.online's platform with a self-guided tour - Start Now