My new organization has a lot of Human Resources policies like diversity and inclusivity policy, car allowance policy, dress code policy, etc., while ISO 27001 Human Resources security policies deal only with prior, during and after employment security.
1 - In designing an ISMS to ISO 27001 standards, are these non-security-related policies included or excluded?
2 - Another question. My new organization uses the Plan-Do-Check-Act (PDCA) to write individual security policies like the business continuity management policy etc.
My understanding is that the PDCA model is for the structure of the ISMS and not for individual policies. Am I wrong?