Document Toolkit
Assign topic to the user
ISO 27001 does not prescribe how to implement a confidentiality agreement, so organizations can implement it as it best fits their needs.
Considering that, you can keep the confidentiality agreement in the employment contract.
Regarding the document content, please note that a confidentiality agreement is more than simply saying that the parts need to keep the information confidential. It also helps explain other things, like what is confidential information, what to do in case of information compromise, penalties in case of a breach, etc.
For further information, see:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Comment as guest or Sign in
Mar 28, 2022