Human Resources Policy
My new organization has a lot of Human Resources policies, like a diversity and inclusivity policy, a car allowance policy, a dress code policy, etc., while ISO 27001 Human Resources security policies deal only with security prior to, during and after employment.
1 - In designing an ISMS to ISO 27001 standards, are these non-security-related policies included or excluded?
2 - Another question. My new organization uses the Plan-Do-Check-Act (PDCA) to write individual security policies like the business continuity management policy etc.
My understanding is that the PDCA model is for the structure of the ISMS and not for individual policies. Am I wrong?
1 - In designing an ISMS to ISO 27001 standards, are these non-security-related policies included or excluded?
You need to evaluate if these policies define some sort of usage or handling of information included in the ISMS scope (for example, the car allowance policy may require the user to provide information about his driver's license, and this information is included in the ISMS scope). The policies which define usage or handling of information included in the ISMS scope need to be included in the ISMS design.
2 - Another question. My new organization uses the Plan-Do-Check-Act (PDCA) to write individual security policies like the business continuity management policy etc.
My understanding is that the PDCA model is for the structure of the ISMS and not for individual policies. Am I wrong?
The PDCA model can be used both for the structure of the ISMS and for the development of individual documents, such as policies and procedures.
For further information, see:
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
Oct 05, 2021