Human Resource Policy in toolkit
Answer: The human resources requirements and most common controls used related to ISO 27001 are covered in documents "Training and Awareness Plan", "Confidentiality Statement", and "Statement of Acceptance of ISMS Documents". Other controls that are directly related to human resources are covered by documents like "Bring Your Own Device (BYOD) Policy" and "Acceptable Use Policy". You can find all this information in the "List of Documents" file that comes with your toolkit. It identifies which requirements and controls of the standard are covered by each document.
Regarding a Human Resource Policy, this document is not mandatory for ISO 27001, and it is not usually used by smaller companies. That's why we didn't include a specific template for the policy in the toolkit, but you can use the content of the templates your organization considers more relevant and merge them in a Human Resource Policy using our blank template.
These articles will provide you with further explanation about writing documents:
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Jun 25, 2017