Hi, we are a software development company following your templates to achieve ISO27k1.
Currently we have a visitors management system in place. Every visitor gets a badge and has to wear it constantly, and some other rules apply, of course.
My question is: where do I state the rules for visitors? The "Procedure for working in secure areas" seems to be a document that describes only areas where the security measures are higher than the other areas. For example, we have selected our server room environment as a secure area, and also the archives and CEO's office, since those are the places where documents are being held in a safe or cabinets with locks.
I would like to define and write down rules for visitors for common areas, like conference rooms, the developer's den, kitchen and WCs. Is there a suitable policy that exists in the realm of ISO271k (I've searched, but couldn't find a perfect match) for such a purpose, or should I create my own policy that might not be a part of the ISO 271k? What would be a good place to describe those rules? We would like to use the ISO27k1 ISMS as the backbone for security in the office, and it seems like a good idea to have our visitors system integrated in the policies. Please advise. Thank you.