Hello, I have a question regarding the ISO 27001 certificate. Does this certificate include AML policies?
I’m assuming that by AML you mean Anti-Money Laundering.
Considering that, ISO 27001 does not require AML to be implemented, and does not prescribe specific policies for AML, but by means of risk assessment and identification of applicable legal requirements (e.g., laws, regulations, and contracts), an organization can identify controls that can be used to develop policies and procedures for AML.
For example, ISO 27001 has controls that can be used to monitor suspect/unusual activities (controls from Annex A section A.12.4 Logging and monitoring), help gather information from authorities and special interest groups (controls A.6.1.3 Contact with authorities and A.6.1.4 Contact with special interest groups), and ensure proper validation of systems and technologies prior to deployment (controls A.14.1.1 Information security requirements analysis and specification and A.14.2.9 System acceptance testing).
This article will provide you with a further explanation about controls selection:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Oct 22, 2021