Memory cues
| Control | Cue |
|---|---|
| A.6.4 Disciplinary Process | Security violations need a fair formal route |
| A.6.5 Responsibilities After Termination or Change of Employment | Leavers and movers must lose old access and keep continuing duties |
| A.6.6 Confidentiality or Non-Disclosure Agreements | Sign the right confidentiality agreement before disclosure |
What the exam is likely testing
- A.6.4 requires a formalized and communicated disciplinary process, not ad hoc manager action.
- A.6.4 should be evidence-based, fair, consistent, and proportionate.
- A.6.5 covers termination and role change; movers are a major trap.
- A.6.5 includes logical access, physical access, asset return, notifications, and continuing duties.
- A.6.6 requires identifying, documenting, regularly reviewing, and signing confidentiality/NDA agreements.
- A.6.6 agreements should reflect business, legal, contractual, and information security needs.
Quick comparison
| Question | A.6.4 | A.6.5 | A.6.6 |
|---|---|---|---|
| Main trigger | Security policy violation | Termination or role change | Need to protect confidential information |
| Main evidence | Process, criteria, case record, closure | Leaver/mover checklist, access removal, asset return | Signed NDA/register, legal review, review date |
| Main trap | Punishing without evidence or process | Ignoring movers | Generic NDA used without requirements analysis |
| Main owner | HR, legal, security, managers | HR, IT, facilities, managers | Legal, HR, procurement, information owners |
Practical mentor takeaway
Last-day cue
A.6.4 deals with violations, A.6.5 deals with ending or changing access/responsibility, and A.6.6 deals with confidentiality commitments before information is shared.
- Iso27001
- Exam
- People controls
Note Metadata
Aliases: A.6.4 A.6.5 A.6.6 exam cues
Source: 09-Exam-Preparation/EXAM-018-Disciplinary-Termination-and-Confidentiality.md