Expert Advice Community

Policies specific to HR & Admin

Guest
Guest user Created: Jan 21, 2022 Last commented: Jan 28, 2022

Where do I address ISO 27001 controls A7 & A11? Also is there a consolidated mapping in Conformio that can tell me what ISO clauses & controls have been covered through the documents created and what is still pending?  This will help me to validate whether we have met the required ISO 27001 needs.

Expert
Rhand Leal Jan 21, 2022

Documents related to Annex A sections A.7 and A.11 are:

For section A.7:

  • Confidentiality statement
  • Statement of acceptance of ISMS documents

For section A.11:

  • Clear desk and clear screen policy
  • Disposal and destruction policy
  • Procedures for working in security areas

Please note that Conformio provides all mandatory documents and some documents that are not mandatory but are commonly adopted by organizations. Some of the controls of the sections you mentioned do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company.

Regarding progress mapping, please note you can find information on required documents progress in section “Reporting dashboard” >> “ISO 27001 Project Status Dashboard” >> “View more stats”. These documents cover those defined as mandatory by the standard and those related to the controls you stated as applicable in the Statement of Applicability. Regarding a specific mapping of documents to clauses and controls, this is an improvement feature we are working on, to be released soon.

This article will also help you: 

Guest
guest Jan 21, 2022

Hi, Could you please clarify what you mean by "Statement of acceptance of ISMS documents"?

Expert
Rhand Leal Jan 28, 2022

The "Statement of acceptance of ISMS documents" is the way used to require employees to observe all the documents prescribed by the organization in its information security management system.

In Conformio there is no such document because the information about which user read which document is tracked automatically by the platform and can be accessed when needed (i.e., instead of a static document which needs to be signed every time a new document is released, in Conformio this information is provided automatically as soon as the user reads the document).

You can see the details about which document was read, or not, by which user in the Responsibility Matrix, using the filter “One-time tasks” and searching for the title “Please read the document…”.

Additionally, this information can be tracked also within each step in the wizard by checking the Version history for this document.
