Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Expert Advice Community

Guest

Access control policy

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Access control policy

0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 12, 2016

I bought the document “Access Control Policy”. It is OK but the physical security is nearly not part of this document. The security area concept is necessary for ISO 27001. I try to search for a document to use it as base for my concept. But I was not able to find one. In the ISO 27002 it is defined to create such a concept with several areas (like Zone A, B or C) and to have a matrix which describe the restrictions in the areas. Maybe, such a document can be added to your portfolio.

 

Answer:

Thanks for your suggestions, but keep in mind that there are different things: “A.9 Access control” and “A.11 Physical and environmental security”. The document “Access Control Policy” is only for “A.9 Access control”, and for “A.11 Physical and environmental security” is not mandatory to have a document (See this list of mandatory and non mandatory documents “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/). Any way, related with security areas, you can find in the standard the control A.11.1.5 Working in secure areas, and we have a template for this “Procedures for Working in Secure Areas” : https://advisera.com/27001academy/documentation/procedures-for-working-in-secure-areas/ I hope that it can help you with your concept.
Finally, this article can be also interesting for you "Physical security in ISO 27001: How to protect the secure areas" : https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics