ISO 27001 Annex A.7: Human Resource Security
A.7.1 Prior to employment
Objective: To ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
A.7.1.1 Screening
Background verification checks on all candidates for employment shall be carried out in accordance with relevant laws, regulations and ethics and shall be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.
A.7.1.2 Terms and conditions of employment
The contractual agreements with employees and contractors shall state their and the organisation’s responsibilities for information
A.6.2 Mobile devices and teleworking
Objective: To ensure the security of teleworking and use of mobile devices
A.6.2.1 Mobile device policy
A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
A.6.2.2 Teleworking
A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.
A.7.2 During employment
Objective: To ensure that employees and contractors are aware of and fulfil their information security responsibilities.
A.7.2.1 Management responsibilities
Management shall require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization.
A.7.2.2 Information security awareness, education and training
All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
A.7.2.3 Disciplinary process
There shall be a formal and communicated disciplinary process in place to take action against employees who have committed an information security breach.
A.7.3 Termination and change of employment
Objective: To protect the organization’s interests as part of the process of changing or terminating employment.
A.7.3.1 Termination or change of employment responsibilities
Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor and enforced.
The ISO 27001 requirements are listed below:
- 4.1 Understanding the organisation and its context
- 4.2 Understanding the needs and expectations of interested parties
- 4.3 Determining the scope of the information security management system
- 4.4 Information security management system
- 5.1 Leadership and commitment
- 5.2 Information Security Policy
- 5.3 Organizational roles, responsibilities and authorities
- 6.1 Actions to address risks and opportunities
- 6.2 Information security objectives and planning to achieve them
- 7.1 Resources
- 7.2 Competence
- 7.3 Awareness
- 7.4 Communication
- 7.5 Documented information
- 8.1 Operational planning and control
- 8.2 Information security risk assessment
- 8.3 Information security risk treatment
- 9.1 Monitoring, measurement, analysis and evaluation
- 9.2 Internal audit
- 9.3 Management review
- 10.1 Nonconformity and corrective action
- 10.2 Continual improvement
The ISO 27001 Annex A Controls are listed below:
- A.5 Information security policies
- A.6 Organisation of information security
- A.7 Human resource security
- A.8 Asset management
- A.9 Access control
- A.10 Cryptography
- A.11 Physical and environmental security
- A.12 Operations security
- A.13 Communications security
- A.14 System acquisition, development and maintenance
- A.15 Supplier relationships
- A.16 Information security incident management
- A.17 Information security aspects of business continuity management
- A.18 Compliance