ISO 27001 People Controls

Controls related to human resource security, including screening, training, and responsibilities. Covers 8 controls for managing people-related security risks.

Showing 8 controls in People Controls

A.6.1

Screening

To ensure that personnel are suitable for their roles and understand their responsibilities.

A.6.2

Terms and conditions of employment

To ensure personnel understand and accept their information security responsibilities.

A.6.3

Information security awareness, education and training

To ensure personnel are aware of and can fulfill their information security responsibilities.

A.6.4

Disciplinary process

To ensure there are consequences for information security policy violations.

A.6.5

Responsibilities after termination or change of employment

To protect the organization's interests after termination or change of employment.

A.6.6

Confidentiality or non-disclosure agreements

To maintain confidentiality of organizational information through legal agreements.

A.6.7

Remote working

To ensure information security when personnel work from remote locations.

A.6.8

Information security event reporting

To ensure timely awareness of security events and enable appropriate response.

Other Control Categories

Organizational Controls (37)

Physical Controls (14)

Technological Controls (34)