Expert Advice Community

Templates for controls from Annex A

Guest
Guest user Created:   Mar 31, 2020 Last commented:   Apr 03, 2020

Just 2 more questions please:

Regarding the 27001 security control ANNEX 7 ‘SYSTEM ACQUISITION, DEVELOPMENT & MAINTENANCE’, do you have one single document that addresses this particular control? If not, which selection of documents do I need to purchase to address these requirements?
Likewise, is there one single document that covers Annex 7 – HUMAN RESOURCE SECURITY?


Expert
Rhand Leal Mar 31, 2020

1 - Regarding the 27001 security control ANNEX 7 ‘SYSTEM ACQUISITION, DEVELOPMENT & MAINTENANCE’, do you have one single document that addresses this particular control? If not, which selection of documents do I need to purchase to address these requirements?

Answer: We do not have a single template covering the controls of this section. To address controls from Annex A section 14 we have these templates:
- For control A.14.2.4: Security Procedures for IT Department (https://advisera.com/27001academy/documentation/security-procedures-for-it-department/) and Change Management Policy (https://advisera.com/27001academy/documentation/change-management-policy/)
- For controls A.14.1.2, A.14.1.3, A.14.2.1, A.14.2.2, A.14.2.5, A.14.2.6, A.14.2.7, A.14.2.8, A.14.2.9, A.14.3.1: Secure Development Policy (https://advisera.com/27001academy/documentation/secure-development-policy/)
- For control A.14.1.1: Specification of Information System Requirements (https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/)
- For control A.14.2.7: Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/) and Security Clauses for Suppliers and Partners (https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/)

For further information, see:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/blog/2017/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/

2 - Likewise, is there one single document that covers Annex 7 – HUMAN RESOURCE SECURITY?

Answer: We do not have a single template covering the controls of this section. To address controls from Annex A section 7 we have these templates:
- For control A.7.1.2: Confidentiality Statement (https://advisera.com/27001academy/documentation/confidentiality-statement/), Statement of Acceptance of ISMS Documents (https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/), Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/) and Security Clauses for Suppliers and Partners (https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/)
- For controls A.7.1.1 and 7.2.2: Supplier Security Policy (https://advisera.com/27001academy/documentation/supplier-security-policy/)
- For control A.7.2.3: Incident Management Procedure (https://advisera.com/27001academy/documentation/incident-management-procedure/)

Guest
Stefan Mar 31, 2020

Thank you Rhand. I've got one more question please: Which document would cover the following topics please:

1. Employee Screening
2. Terms and Conditions of Employment
3. Termination or Change of Employment Responsibilities

Many thanks in advance, Stefan

Expert
Rhand Leal Apr 03, 2020

In general, these topics are already covered by the daily activities of an HR area of an organization (they are part of its core activities), so we do not provide related templates to not add unnecessary administrative effort to the ISMS (you can adopt the documents you already have and only adjust them to the requirements of related ISO 27001 controls).

In case you do not have such documents, you can contact us through email or online meeting, so we can help you develop such documents.
