Physical security policy and malware policy
There is a set of controls related to physical security in Annex A of ISO 27001:2013: "A.11 Physical and environmental security", but you do not need a policy for this, nor is it mandatory to have a document to implement those controls. Anyway, if you are interested in physical security, please read this article "Physical security in ISO 27001: How to protect the secure areas": https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
Regarding malware, you can find in Annex A of ISO 27001:2013 the control "A.12.2.1 Controls against malware", but again it is not mandatory to have a document to implement this control. Anyway, you can establish a formal policy to prohibit the use of unauthorized software.
Finally, I recommend you read this article "How to structure the documents for ISO 27001 Annex A controls": https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Jan 12, 2016