ISO/IEC 27000 Disciplinary Process, v2022

Specifies requirements related to the disciplinary process, in accordance with the security and privacy controls defined by ISO/IEC Publication 27001:2022.

Assessment Step

1
Disciplinary Process (DisciplinaryProcess)
Has the organization formalized and communicated a disciplinary process to take action against personnel and relevant interested parties who violate the information security policy?
Artifact
A1
Provide evidence (e.g., organizational policies, procedures, compliance/assessment reports) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Disciplinary Process
A disciplinary process shall be formalized and communicated to take actions against personnel and other relevant interested parties who have committed an information security policy violation.
Citations
27001: Annex A, Control 6.4
27002: Section 6.4