Templates for controls from Annex A
Just 2 more questions please:
Regarding the 27001 security control ANNEX 7 ‘SYSTEM ACQUISITION, DEVELOPMENT & MAINTENANCE’, do you have one single document that addresses this particular control? If not, which selection of documents do I need to purchase to address these requirements?
Likewise, is there one single document that covers Annex 7 – HUMAN RESOURCE SECURITY?
1 - Regarding the 27001 security control ANNEX 7 ‘SYSTEM ACQUISITION, DEVELOPMENT & MAINTENANCE’, do you have one single document that addresses this particular control? If not, which selection of documents do I need to purchase to address these requirements?
Answer: We do not have a single template covering the controls of this section. To address controls from Annex A section 14 we have these templates:
- For control A.14.2.4: Security Procedures for IT Department (https://advisera.com/27001academy/documentation/security-procedures-for-it-department/) and Change Management Policy (https://advisera.com/27001academy/documentation/change-management-policy/)
- For controls A.14.1.2, A.14.1.3, A.14.2.1, A.14.2.2, A.14.2.5, A.14.2.6, A.14.2.7, A.14.2.8, A.14.2.9, A.14.3.1: Secure Development Policy (https://advisera.com/27001academy/documentation/secure-development-policy/)
- For control A.14.1.1: Specification of Information System Requirements (https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/)
- For control A.14.2.7: Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/) and Security Clauses for Suppliers and Partners (https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/)
For further information, see:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
2 - Likewise, is there one single document that covers Annex 7 – HUMAN RESOURCE SECURITY?
Answer: We do not have a single template covering the controls of this section. To address controls from Annex A section 7 we have these templates:
- For control A.7.1.2: Confidentiality Statement (https://advisera.com/27001academy/documentation/confidentiality-statement/), Statement of Acceptance of ISMS Documents (https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/), Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/) and Security Clauses for Suppliers and Partners (https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/)
- For controls A.7.1.1 and 7.2.2: Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/)
- For control A.7.2.3: Incident Management Procedure (https://advisera.com/27001academy/documentation/incident-management-procedure/)
Thank you Rhand. I've got one more question please: Which document would cover the following topics please:
1. Employee Screening
2. Terms and Conditions of Employment
3. Termination or Change of Employment Responsibilities
Many thanks in advance, Stefan
In general, these topics are already covered by the daily activities of an HR area of an organization (they are part of its core activities), so we do not provide related templates to not add unnecessary administrative effort to the ISMS (you can adopt the documents you already have and only adjust them to the requirements of related ISO 27001 controls).
In case you do not have such documents, you can contact us through email or online meeting, so we can help you develop such documents.
Apr 03, 2020