Expert Advice Community

Information Security Policy

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What is the difference between the clause 5.2 and A.5.1.1 and A.5.1.2 controls?
AntonioS Jan 12, 2016

In the new ISO 27001:2013, clause 5.2 and the A.5.1.1/A.5.1.2 controls refer to the same thing: the Information Security Policy. However, clause 5.2 describes the top-level Information security policy, while controls A.5.1.1 and A.5.1.2 speak about detailed security policies that cover certain areas of information security. Please read this article for more information, “One information Security Policy, or several policies”: https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

 

What is your recommendation to record that employees were aware of the policies and other ISMS documents? 

 

Answer:

There are several ways, but I recommend that you perform training sessions (inviting all staff). In these sessions you can present the ISMS, requirements, documents, records, etc. For each session, you can have a physical document with the attendance signatures of all people. After each session, you can also develop a small test to evaluate the awareness of each employee (their results are evidence). If you need information on how to perform training and awareness for ISO 27001, please read this article, “How to perform training & awareness for ISO 27001 and ISO 22301”: https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
