Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Access control policy

  Quote
Guest
Guest user Created:   Dec 02, 2019 Last commented:   Dec 02, 2019

Access control policy

I have few questions:

A.9.1.1 Access control policy control

  1. What exactly must be documented according to this control; What Procedures and Records?
  2. And what Standard means by “Formal process”?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Dec 02, 2019

1. What exactly must be documented according to this control; What Procedures and Records?

To be compliant with this control, you have to document the rules for access to your systems, equipment, facilities, and information, based on business and security requirements for access (e.g., who can have access, who can authorize access, who can implement access, etc.). As for records, you need to keep evidence of access authorization and review).

In the Access Control Policy template included in your toolkit, located on folder 08 Annex A Security Controls >> A.9 Access Control you will find detailed comments on what you need to fill in.

This article will provide you further explanation about access control:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/

2. And what Standard means by “Formal process”?

A formal process means a process that is clearly defined to be followed (i.e., the recognized and required way to do something). Please note the a formal process may or may not be documented.

Quote
0 2
ChristianCharles Dec 02, 2019

Great answer by referring to exactly where the topic document can be found with content. 👍

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 02, 2019

Dec 02, 2019

Suggested Topics