SG-03 Document Control

>Control Description

The organization's document management criteria are periodically reviewed, approved by management, and communicated to authorized personnel; management determines the treatment and retention of documentation according to legal and regulatory requirements.

Theme: Process

Type: Preventive

Policy/Standard: Information Security Management Standard

>Implementation Guidance

1. Ensure that the organization has well-defined and documented document management criteria.
2. Ensure that the criteria are reviewed and approved by management periodically.
3. Ensure that the criteria are communicated to authorized personnel.
4. Ensure that documentation is treated and retained according to legal and regulatory requirements.

>Testing Procedure

1. Inspect the organization's policy and/or standard to validate that the organization has well-defined and documented document management criteria.
2. Validate that the criteria are reviewed and approved by management periodically.
3. Validate whether the criteria are communicated to authorized personnel.
4. For a sample of documentation, validate that it is treated and retained according to legal and regulatory requirements.

>Audit Artifacts

E-SG-01
E-SG-05
E-SG-06

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
