ISMS processes for personnel security
Answer:
ISO 27001 ISMS processes are the same regardless of where they are applied once the ISMS scope is defined:
- Risk assessment and risk treatment, for identification of risks relevant to personnel security and definition of proper controls
- Controls implementation and operation, to effectively reduce risks to acceptable levels
- Performance evaluation, to check and verify if expected results are being achieved
- Improvement, by means of nonconformities, corrective actions and continual improvement
Specifically for personnel security, the main controls applied are terms and conditions of employment, and awareness and training.
These articles will provide you with further explanation about awareness and training, and terms and conditions:
- What are the benefits of security awareness training for organizations? https://advisera.com/27001academy/blog/2019/03/27/what-are-the-benefits-of-security-awareness-training-for-organizations/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
This material will also help you regarding awareness and training:
- Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
Jul 23, 2019