Skip to main content
The Evidence & Document Library is a centralized repository for all documentation supporting your ISO 27001 management system. You can upload, categorize, search, and link documents directly to specific ISO 27001 subclauses.

Document categories

Every document is assigned one of six categories:

Política

Information security policies and top-level directives.

Procedimiento

Step-by-step operational procedures.

Registro

Completed records and logs that demonstrate conformity.

Evidencia

Supporting evidence collected during audits or reviews.

Manual

Manuals and reference documents.

Acta

Meeting minutes and formal agreements.
The top of the Evidence page shows summary cards with the total document count for each category so you can quickly assess coverage.

Adding a document

1

Open the Evidence module

Navigate to Evidence in the left sidebar.
2

Click Add Document

Select Add Document to open the document entry modal.
3

Fill in the document details

Complete the required fields in the modal:
FieldDescription
NameDocument title (e.g., Política de Seguridad de la Información)
CategorySelect from the six document categories
DescriptionBrief summary of the document’s purpose
Related toLink to a specific ISO 27001 subclause (e.g., 4.1)
VersionDocument version number (e.g., 1.0)
File nameName of the physical file, if applicable
4

Save the document

Click Save. The document appears in the library and the category summary card updates its count.
ISOwl stores document metadata and subclause links. File upload stores the file name reference. Ensure you maintain the actual document files in your organization’s file management system.

Searching and filtering

The library provides two ways to narrow down documents:
  • Search by name — Type in the search bar to filter documents by their title in real time.
  • Filter by category — Use the category dropdown to display only documents of a specific type.
Both filters can be combined to quickly locate a specific document.

Deleting a document

To delete a document, hover over its row in the library table. A trash icon appears on the right side of the row. Click it to remove the document.
Users with the AUDITOR role cannot delete documents. Only users with Editor or Administrator roles can remove records from the library.

Linking documents to ISO 27001 clauses

Each document can be linked to a subclause of ISO 27001 via the Related to field. This creates a traceable connection between your documentation and the specific requirements it satisfies.
Link each policy or procedure to its primary ISO 27001 subclause. This makes it straightforward to demonstrate documentary evidence during audits.

Document data reference

Each document record contains the following fields:
FieldTypeExample
idstringEV001
namestringPolítica de Seguridad de la Información
categorystringPolítica
descriptionstringBrief description
relatedTostring4.1
fileNamestringpolitica-seguridad-v1.pdf
versionstring1.0
uploadedAtISO date2025-01-15T10:30:00.000Z

Frequently asked questions

There is no hard limit on the number of document records. The summary cards update automatically as you add or remove documents.
Delete is only available on hover for users with Editor or Administrator roles. Auditor-role users do not have delete permissions and will not see the trash icon.
Yes. The Base Documental KPI on the Security Metrics dashboard reflects the total count of records in the Evidence library.

Build docs developers (and LLMs) love

Get started for freeTalk to us