ISO personal certifications and Content for employees
Answer: There is one kind of certification issued to persons similar to COBIT Assessor: the ISO 20000 Lead Auditor certification. This certification recognizes that its holder has demonstrated competence to audit a management system against the ISO 20000 standard, which defines requirements for the management of IT services.
2. I work in HR and we are looking at ISO 27001, what is the requirement with regards to Staff Manual? We have ISMS policies in place but I wonder if there is anything required that needs to be included in the Staff Manual?
Answer: ISO 27001 has no specific requirements demanding a Staff Manual, but you should ensure it reflects the results of risk assessment and treatment, i.e., the risks and controls that employees can directly interact with. Examples of content, as you pointed out, are the implemented security policies, but you can also include examples of risks and how to manage them (e.g. how to identify and handle social engineering attacks). Additionally, you can also communicate the employees' responsibilities regarding information protection, the impacts of non-conformities, and the importance of achieving the defined information security objectives. By using the Staff Manual this way you can cover requirements related to leadership commitment (clause 5.1) and communication (clause 7.4).
This article will provide you further explanation about what you should consider as content for a Staff Manual:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Jun 18, 2017