Expert Advice Community

Guest

Code of Conduct

  Quote
Guest
Guest user Created:   Nov 30, 2022 Last commented:   Nov 30, 2022

Code of Conduct

Hi Team, can you please let me know how I can create our Code of Conduct please? thanks.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 30, 2022

First is important to note that ISO 27001 does not require a Code of Conduct.

Regarding information security, all necessary security rules to be compliant with ISO 27001 are already covered through Conformio documentation (the document that covers general security rules for all employees is IT Security Policy), and writing another document to cover security rules would only increase administrative effort. 

In case you want to create a Code of Conduct to cover non-security topics, you should:

  • identify the practices and behaviors the organization expects from its employees, contractors, customers, and suppliers.
  • define how to approach these requirements considering the organizational culture and available resources

To help you with that you can assess legal requirements (e.g., laws, regulations, and contracts) the organization needs to fulfill, as well as map internal and external relationships you need to maintain.

Examples of topics to be considered are:

  • Unacceptable behaviors and their consequences
  • Legal compliance
  • Employee rights
  • On-the-job training guidelines
  • Internal practices (e.g., dress code, inclement weather policy, etc.)
  • External practices (e.g., contact with authorities, etc.)

This article will provide you with further explanation about developing documents (it is focused on the development of ISO 27001 documents, but you can apply these concepts for non-information security topics):

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 30, 2022

Nov 30, 2022

Suggested Topics