The document discusses ISO 27001 controls for information security policies and procedures during employment. It provides sample policies on data protection, anti-money laundering, fraud awareness, anti-bribery, and disciplinary processes. It also discusses the importance of regular security awareness training for employees on the organization's policies and procedures.

1. iFour ConsultancyISO 27001 Control A.7.2 – During Employment

2. A.7.2.1 Management Responsibilities
Application of Information Security
Policies and Procedures of the Organization
Data Protection Policies
Anti Money Laundering Policies
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

3. Sample Data Protection Policy
Data Controller
Data Protection Officer
Users
Personal Information
Sensitive Data
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

4. Sample Anti Money Laundering Policy
 Reject assets that are known or suspected to be the proceeds of criminal activity
 Exit from business relationships with individuals or entities known or suspected to
be a terrorist or a criminal organisation or member of such or listed on sanction
lists
 Don’t maintain anonymous accounts, accounts for banks or pay-through accounts
 Don’t enter into relationships with clients from Special Risk Countries
 Don’t enter into relationships with clients operating in prohibited industries
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

5. A.7.2.2 Information Security Awareness, Education and
Training
Awareness through Education and Training
Regular Updates in Policies and Procedures
Relevance for job function
Fraud Awareness
Anti Bribery Education
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

6. Sample Fraud Awareness Training
Theft
Payroll fraud
False Expense Reimbursements
False invoicing
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

7. Sample Anti Bribery Education
Understanding and recognising bribery and corruption
Penalties
Key risk areas
Employee responsibility and how to raise a concern
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

8. A.7.2.3 Disciplinary Process
Formal and communicated disciplinary process
Proper implementation of disciplinary process
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

9. Sample Disciplinary Process
Principles
Informal Discussions
Verbal Warning
Written Warning
Final Written Warning
Gross Misconduct
Right to Appeal
ASP.NET software companies Indiahttp://www.ifourtechnolab.com

10. References
ASP.NET software companies India
https://www.dlapiperdataprotection.com/#handbook/data-protection-
officers-section/c1_IN
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&sq
i=2&ved=0ahUKEwjDrKPs2J_MAhWF5qYKHXElDFUQFgg4MAM&url=http%3A
%2F%2Fwww.harrisvs.org.uk%2Fhome_htm_files%2FData%2520Protection%
2520Policy%2520Model%25202013.doc&usg=AFQjCNH-
258MmJ9tK5Nr0CW7TTRXpgvokA&bvm=bv.119745492,d.dGY&cad=rja
https://www.rbi.org.in/scripts/BS_ViewMasCirculardetails.aspx?id=8168
https://www.ncjrs.gov/fraudawareness/
http://www.ifourtechnolab.com

11. References Continued..
ASP.NET software companies India
http://www.ey.com/IN/en/Services/Assurance/Fraud-Investigation---
Dispute-Services/FIDS---A-step-towards-anti-bribery-and-corruption
http://www.smith.williamson.co.uk/anti-bribery-corruption-policy
https://www.google.co.in/search?q=sample+disciplinary+process&ie=utf-
8&oe=utf-8&gws_rd=cr&ei=7cMYV8fYGYXSmwWoqZigCg
https://www.db.com/en/media/Deutsche_Bank_Group_-
_Anti_Money_Laundering_Policy.pdf
http://www.utsystem.edu/cont/Training/FraudAwareness2014.pdf
http://www.ifourtechnolab.com

12. Thanks
ASP.NET software companies India