Human Resources Policy

1 - In designing an ISMS to ISO 27001 standards, are this non security related policies included or excluded?

You need to evaluate if these policies define some sort of usage or handling of information included in the ISMS scope (for example, the Car Allowance Policy may require the user to provide information about his driver's license, and this information is included in the ISMS scope). The policies which define usage or handling of information Included in the ISMS scope need to be included in the ISMS design.

2 - Another question. My new organization uses the Plan-Do-Check-Act (PDCA) to write individual security policies like the business continuity management policy etc.
My understanding is that the PCDA model is for the structure of the ISMS and not for individual policies. Am I wrong?

The PDCA model can be used either for the structure of the ISMS and for the development of individual documents, such as policies and procedures.

For further information, see:

• Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
• How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/