We are planning to submit a project to our managers about scanning all our offic

Question

We are planning to submit a project to our managers about scanning all our office papers and deal with PDF instead of physical-format documents.

For doing that, we are loooking for some support, if there is any, for claiming that scanning documents is a good practice that is aligned to ISO/IEC-27001 policies.

We know that the main purpose of an ISMS, based on ISO/IEC 27001 requirements, is to reduce the risk of losing information or unauthorized access to it.

However, do you think that we could align the activity of scanning documents with ISO/IEC 27001 recommendations?

We were thinking that getting PDF files reduce the risk of losing physical-format documents, because file backup procedures are more secure than protecting papers.

Explanation / Answer

In theory it is entirely possible that digitising paper documents could improve their overall security, but it depends on the specifics and how well protected/controlled the current environment is, and whether that will be improved once the new project is rolled out.

If you're looking to make this case, you could look at your organisations current risk register to see if there is anything there relating to storage and management of physical documents and then assess whether your project will address these risks. If it will then you could easily claim that the project is in-line with the goals of ISO27001.

Of course that could be slightly disingenuous as it doesn't take account of new risks being introduced by the project, but then hopefully you'll already have those under control in the project risk register.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.