Document Control Register · Cenedril Wiki

The document control register is the index of all controlled documents in your ISMS. It shows at a glance which policies are in force, who owns them, which version is current and when the next review is due.

ISO 27001 Clause 7.5 (Documented Information) requires that documented information is identified, controlled and kept available. A.5.1 (Policies for Information Security) adds that the information security policy must be reviewed at planned intervals. The document control register is the operational tool that fulfils both requirements.

What does it contain?

Each row represents one controlled document. The columns:

Doc ID / Title / Type — unique identifier, title and document type (Policy, Procedure, Record, Form)
Owner / Approver — responsible person and approving authority
Version / Effective Date — current version number and date of effect
Last Review / Next Review — last review date and next due date
Classification / Distribution / Status — information classification, distribution list and current document status

How to use it

Initial population: Gather all existing ISMS documents and enter them with their current version and review status. Documents without a clear owner or without documented approval become immediately visible.

Ongoing maintenance: With every document change, update Version, Effective Date and Last Review. New documents receive a Doc ID and are added straight away.

Review cycle: Once a month (or quarter), filter the register for entries whose Next Review is due and initiate the review. This ensures no outdated policy stays in circulation.

Dok-ID	Titel	Typ	Eigentümer	Genehmiger	Version	Gültig ab	Letzte Prüfung	Nächste Prüfung	Klassifizierung	Verteiler	Status
POL-001	Informationssicherheitsrichtlinie	Richtlinie	ISB	CEO	2.0	2026-01-15	2026-01-15	2027-01-15	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-002	Risikomanagement-Richtlinie	Richtlinie	ISB	CEO	2.0	2026-01-15	2026-01-15	2027-01-15	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-003	ISMS-Governance-Richtlinie	Richtlinie	ISB	CEO	1.3	2025-10-01	2025-10-01	2026-10-01	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-004	Richtlinie zur akzeptablen Nutzung	Richtlinie	ISB	CEO	2.1	2026-02-01	2026-02-01	2027-02-01	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-005	Zugriffskontroll-Richtlinie	Richtlinie	ISB	IT-Betriebsleitung	2.0	2026-01-15	2026-01-15	2027-01-15	Intern	IT + Abteilungsleitungen	Veröffentlicht
POL-006	Richtlinie zur Personalsicherheit	Richtlinie	HR-Leitung	CEO	1.5	2025-11-01	2025-11-01	2026-11-01	Intern	HR + Alle Mitarbeitenden	Veröffentlicht
POL-007	Richtlinie zur Informationsklassifizierung und Kennzeichnung	Richtlinie	ISB	CEO	1.4	2025-09-15	2025-09-15	2026-09-15	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-008	Richtlinie zum Informationstransfer	Richtlinie	ISB	CEO	1.2	2025-12-01	2025-12-01	2026-12-01	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-009	Richtlinie zur Geschäftskontinuität	Richtlinie	BCM-Leitung	CEO	1.6	2026-02-15	2026-02-15	2027-02-15	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-010	Richtlinie zur Lieferantensicherheit	Richtlinie	Einkaufsleitung	ISB	1.3	2025-11-20	2025-11-20	2026-11-20	Intern	Einkauf + Abteilungsleitungen	Veröffentlicht
POL-011	Richtlinie zu Security Operations	Richtlinie	ISB	CEO	1.4	2026-01-15	2026-01-15	2027-01-15	Intern	SecOps + IT	Veröffentlicht
POL-012	Richtlinie zu Rechten des geistigen Eigentums	Richtlinie	Legal	CEO	1.1	2025-07-01	2025-07-01	2026-07-01	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-013	Richtlinie zu Informationssicherheit im Projektmanagement	Richtlinie	PMO-Leitung	ISB	1.0	2025-08-15	2025-08-15	2026-08-15	Intern	PMO + Projektleitungen	Veröffentlicht
POL-014	Richtlinie zu Telearbeit und BYOD	Richtlinie	ISB	HR-Leitung	1.5	2026-01-10	2026-01-10	2027-01-10	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-015	Richtlinie zur physischen Sicherheit	Richtlinie	Facility-Leitung	ISB	1.2	2025-10-15	2025-10-15	2026-10-15	Intern	Facility + Empfang	Veröffentlicht
POL-016	Richtlinie zu Endpunktsicherheit und Malware-Schutz	Richtlinie	IT-Betriebsleitung	ISB	1.4	2025-12-15	2025-12-15	2026-12-15	Intern	IT + Alle Mitarbeitenden	Veröffentlicht
POL-017	Kryptographie-Richtlinie	Richtlinie	ISB	IT-Betriebsleitung	1.3	2025-11-01	2025-11-01	2026-11-01	Intern	IT + Entwickler	Veröffentlicht
POL-018	Richtlinie zu Datenlöschung Maskierung und Leckagevermeidung	Richtlinie	DSB	ISB	1.1	2025-09-01	2025-09-01	2026-09-01	Intern	Alle Mitarbeitenden	Veröffentlicht
POL-019	Richtlinie zum IT-Betrieb	Richtlinie	IT-Betriebsleitung	ISB	1.5	2026-02-01	2026-02-01	2027-02-01	Intern	IT	Veröffentlicht
POL-020	Richtlinie zu Konfigurations- und Änderungsmanagement	Richtlinie	IT-Betriebsleitung	ISB	1.3	2025-12-01	2025-12-01	2026-12-01	Intern	IT + Entwickler	Veröffentlicht
POL-021	Richtlinie zu sicherer Softwareentwicklung	Richtlinie	Head of Engineering	ISB	1.4	2026-01-20	2026-01-20	2027-01-20	Intern	Engineering	Veröffentlicht
PROC-001	Incident Response Plan	Verfahren	ISB	CEO	2.0	2026-03-01	2026-03-01	2027-03-01	Vertraulich	SecOps + IT	Veröffentlicht
PROC-002	Business Continuity Plan	Verfahren	BCM-Leitung	CEO	1.3	2026-02-20	2026-02-20	2027-02-20	Vertraulich	BCM-Team	Veröffentlicht
PROC-003	Disaster Recovery Plan	Verfahren	IT-Betriebsleitung	ISB	1.2	2026-02-20	2026-02-20	2027-02-20	Vertraulich	IT	Veröffentlicht
REC-001	Statement of Applicability	Aufzeichnung	ISB	CEO	3.0	2026-03-30	2026-03-30	2027-03-30	Intern	Auditoren + Geschäftsleitung	Veröffentlicht
REC-002	Risikoregister	Aufzeichnung	ISB	CEO	Live	2026-04-01	2026-04-01	Fortlaufend	Vertraulich	ISMS-Team	Live

Doc ID	Title	Type	Owner	Approver	Version	Effective Date	Last Review	Next Review	Classification	Distribution	Status
POL-001	Information Security Policy	Policy	ISO	CEO	2.0	2026-01-15	2026-01-15	2027-01-15	Internal	All employees	Published
POL-002	Risk Management Policy	Policy	ISO	CEO	2.0	2026-01-15	2026-01-15	2027-01-15	Internal	All employees	Published
POL-003	ISMS Governance Policy	Policy	ISO	CEO	1.3	2025-10-01	2025-10-01	2026-10-01	Internal	All employees	Published
POL-004	Acceptable Use Policy	Policy	ISO	CEO	2.1	2026-02-01	2026-02-01	2027-02-01	Internal	All employees	Published
POL-005	Access Control Policy	Policy	ISO	IT Operations Lead	2.0	2026-01-15	2026-01-15	2027-01-15	Internal	IT + Department Heads	Published
POL-006	HR Security Policy	Policy	HR Lead	CEO	1.5	2025-11-01	2025-11-01	2026-11-01	Internal	HR + All employees	Published
POL-007	Information Classification & Labelling Policy	Policy	ISO	CEO	1.4	2025-09-15	2025-09-15	2026-09-15	Internal	All employees	Published
POL-008	Information Transfer Policy	Policy	ISO	CEO	1.2	2025-12-01	2025-12-01	2026-12-01	Internal	All employees	Published
POL-009	Business Continuity Policy	Policy	BCM Lead	CEO	1.6	2026-02-15	2026-02-15	2027-02-15	Internal	All employees	Published
POL-010	Supplier Security Policy	Policy	Procurement Lead	ISO	1.3	2025-11-20	2025-11-20	2026-11-20	Internal	Procurement + Dept Heads	Published
POL-011	Security Operations Policy	Policy	ISO	CEO	1.4	2026-01-15	2026-01-15	2027-01-15	Internal	SecOps + IT	Published
POL-012	Intellectual Property Rights Policy	Policy	Legal	CEO	1.1	2025-07-01	2025-07-01	2026-07-01	Internal	All employees	Published
POL-013	Project Management Security Policy	Policy	PMO Lead	ISO	1.0	2025-08-15	2025-08-15	2026-08-15	Internal	PMO + Project Managers	Published
POL-014	Remote Working & BYOD Policy	Policy	ISO	HR Lead	1.5	2026-01-10	2026-01-10	2027-01-10	Internal	All employees	Published
POL-015	Physical Security Policy	Policy	Facilities Lead	ISO	1.2	2025-10-15	2025-10-15	2026-10-15	Internal	Facilities + Reception	Published
POL-016	Endpoint Security & Malware Protection Policy	Policy	IT Operations Lead	ISO	1.4	2025-12-15	2025-12-15	2026-12-15	Internal	IT + All employees	Published
POL-017	Cryptography Policy	Policy	ISO	IT Operations Lead	1.3	2025-11-01	2025-11-01	2026-11-01	Internal	IT + Developers	Published
POL-018	Data Deletion Masking & Leakage Prevention Policy	Policy	DPO	ISO	1.1	2025-09-01	2025-09-01	2026-09-01	Internal	All employees	Published
POL-019	IT Operations Policy	Policy	IT Operations Lead	ISO	1.5	2026-02-01	2026-02-01	2027-02-01	Internal	IT	Published
POL-020	Configuration & Change Management Policy	Policy	IT Operations Lead	ISO	1.3	2025-12-01	2025-12-01	2026-12-01	Internal	IT + Developers	Published
POL-021	Secure Development Policy	Policy	Head of Engineering	ISO	1.4	2026-01-20	2026-01-20	2027-01-20	Internal	Engineering	Published
PROC-001	Incident Response Plan	Procedure	ISO	CEO	2.0	2026-03-01	2026-03-01	2027-03-01	Confidential	SecOps + IT	Published
PROC-002	Business Continuity Plan	Procedure	BCM Lead	CEO	1.3	2026-02-20	2026-02-20	2027-02-20	Confidential	BCM team	Published
PROC-003	Disaster Recovery Plan	Procedure	IT Operations Lead	ISO	1.2	2026-02-20	2026-02-20	2027-02-20	Confidential	IT	Published
REC-001	Statement of Applicability	Record	ISO	CEO	3.0	2026-03-30	2026-03-30	2027-03-30	Internal	Auditors + Management	Published
REC-002	Risk Register	Record	ISO	CEO	Live	2026-04-01	2026-04-01	Continuous	Confidential	ISMS team	Live

Sources

ISO/IEC 27001:2022 Clause 7.5 — Documented Information
ISO/IEC 27001:2022 A.5.1 — Policies for Information Security

Frequently asked questions

Which documents belong in the register?

All documented information your ISMS requires: policies, procedures, records, forms and external reference documents (e.g. standards). Clause 7.5 distinguishes between documents you create and those you adopt from outside — both must be controlled.

How often should ISMS documents be reviewed?

ISO 27001 does not prescribe a fixed interval. Common practice: policies annually, operational procedures as needed (at least annually), records at every use. The register includes Last Review and Next Review columns to keep track.

Do I need a dedicated tool for document control?

For a small ISMS, a well-maintained register (CSV or spreadsheet) combined with a storage system that supports versioning (SharePoint, Confluence, Git) is sufficient. Beyond roughly 50 controlled documents, a specialised tool pays off because manual version control becomes error-prone.