The document discusses ISO 27001 controls for information security policies and procedures during employment. It provides sample policies on data protection, anti-money laundering, fraud awareness, anti-bribery, and disciplinary processes. It also discusses the importance of regular security awareness training for employees on the organization's policies and procedures.
2. A.7.2.1 Management Responsibilities
Application of Information Security Policies and Procedures of the Organization
Data Protection Policies
Anti Money Laundering Policies
ASP.NET software companies India http://www.ifourtechnolab.com
3. Sample Data Protection Policy
Data Controller
Data Protection Officer
Users
Personal Information
Sensitive Data
4. Sample Anti Money Laundering Policy
Reject assets that are known or suspected to be the proceeds of criminal activity
Exit from business relationships with individuals or entities known or suspected to be a terrorist or a criminal organisation or member of such or listed on sanction lists
Don’t maintain anonymous accounts, accounts for banks or pay-through accounts
Don’t enter into relationships with clients from Special Risk Countries
Don’t enter into relationships with clients operating in prohibited industries
5. A.7.2.2 Information Security Awareness, Education and Training
Awareness through Education and Training
Regular Updates in Policies and Procedures
Relevance for job function
Fraud Awareness
Anti Bribery Education
6. Sample Fraud Awareness Training
Theft
Payroll fraud
False Expense Reimbursements
False invoicing
7. Sample Anti Bribery Education
Understanding and recognising bribery and corruption
Penalties
Key risk areas
Employee responsibility and how to raise a concern
8. A.7.2.3 Disciplinary Process
Formal and communicated disciplinary process
Proper implementation of disciplinary process
9. Sample Disciplinary Process
Principles
Informal Discussions
Verbal Warning
Written Warning
Final Written Warning
Gross Misconduct
Right to Appeal