ISMS/05-guidance/document-owner-guidance.md

# Document Owner Guidance

## Purpose

This guidance note helps document owners maintain ISMS documents consistently and with the right level of quality.

## Who This Is For

This note is for document owners, approvers, reviewers, and anyone asked to update controlled ISMS documents.

## What Good Looks Like

A well-maintained ISMS document should:

- reflect how BlackDice actually operates
- avoid invented tools, teams, or approvals
- use clear ownership and review dates
- align with the related policy, standard, procedure, or register
- be specific enough to guide behaviour without turning policy into procedure

## Practical Owner Checks

Before updating or approving a document, check:

- the metadata is complete and current
- the document purpose and scope still match reality
- cross-references point to the right current documents
- placeholders still in the document are genuinely unresolved
- statements about control operation are supportable with evidence
- the document still fits its type

Policy should say what BlackDice requires.

Standard should say what must be implemented.

Procedure should say how an activity is carried out.

Register or template should say what information must be recorded.

## When A Document Should Be Updated

Review or update the document when:

- the review date is due
- a control or process changes materially
- audit or incident findings show it is inaccurate
- ownership changes
- supplier, legal, or customer obligations materially change the requirement

## Common Mistakes To Avoid

- keeping placeholders that are already known
- writing future-state wording as if it is already operational
- duplicating the same requirement in too many places
- adding procedural detail into policy documents
- leaving evidence expectations unclear

## Related Documents

- `../../00-governance/document-and-records-control-standard.md`
- `../../00-governance/isms-manual.md`
- `../../00-governance/information-security-policy.md`