Consultation to ISO 27001 documentation
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1. Within the points that are detailed in the ISO 27001 templates, there is no point related to sanctions, it is possible to place this point within the corresponding documents, to detail which are the (labor) reprimands that would be obtained by the Failure to comply with any of the guidelines of X Policy.
A reference to the disciplinary process is included in the Incident Management Procedure, section 3.6 – Disciplinary actions. This folder is located in folder 08 Annex A Security Controls >> A.16 Information Security Incident Management.
As a suggestion you may also consider including reference to sanctions in the following documents:
- Confidentiality Statement, included in folder 08 Annex A Security Controls >> A.7 Human Resource Security
- Statement of Acceptance of ISMS Documents, included in folder 08 Annex A Security Controls >> A.7 Human Resource Security
- Employment contract, as defined by the organization's HR department
For further information, see:
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
2. I have another query: Within the Business Impact Questionnaire, this must be done for each activity that is managed in the organization or several activities can be placed in a single questionnaire. If the answer is YES, please indicate how to place this.
Our recommendation is to perform BIA for each department, so you can use a single BIA questionnaire for activities from the same department
For example, you may use a single questionnaire to cover activities from the HR department (e.g., payroll, benefits, training, etc.), but it is not recommended to use one questionnaire to cover HR and SW development activities.
You can use the Activity description field in the BIA questionnaire form to specify which activities are included in the questionnaire.
For further information, see:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
Comment as guest or Sign in
Jun 17, 2022