Access control policy
A.9.1.1 Access control policy control
- What exactly must be documented according to this control; What Procedures and Records?
- And what does the Standard mean by “Formal process”?
1. What exactly must be documented according to this control; What Procedures and Records?
To be compliant with this control, you have to document the rules for access to your systems, equipment, facilities, and information, based on business and security requirements for access (e.g., who can have access, who can authorize access, who can implement access, etc.). As for records, you need to keep evidence of access authorization and review.
In the Access Control Policy template included in your toolkit, located in folder 08 Annex A Security Controls >> A.9 Access Control, you will find detailed comments on what you need to fill in.
This article will provide you with further explanation about access control:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
2. And what does the Standard mean by “Formal process”?
A formal process means a process that is clearly defined to be followed (i.e., the recognized and required way to do something). Please note that a formal process may or may not be documented.
Great answer by referring to exactly where the topic document can be found with content. 👍
Dec 02, 2019