When to use this
Use this acknowledgement during onboarding, contractor setup, role change, or access expansion to record acceptance of security responsibilities.
Related controls
- A.6.2 Terms and Conditions of Employment
- Roles and Responsibilities
- Information Security Policy
- A.5.10 Acceptable Use of Information and Other Associated Assets
Acknowledgement checklist
- I understand my obligation to follow the organization’s information security policies and procedures.
- I understand my obligation to protect confidential and classified information.
- I understand acceptable-use requirements for organization systems and information.
- I understand my responsibility to protect authentication information and assigned assets.
- I understand my obligation to report suspected security incidents or weaknesses.
- I understand responsibilities that apply during remote work, customer-site work, or outside normal working hours where relevant.
- I understand consequences may apply if I do not meet security responsibilities.
Record
| Field | Value |
|---|---|
| Person or ID | TBD |
| Role | TBD |
| Personnel type | Employee / contractor / third-party |
| Related agreement | TBD |
| Effective date | TBD |
| Acknowledged by | TBD |
| Evidence location | TBD |
- Template
- Iso27001
- People controls
- Responsibilities
Note Metadata
Aliases: Security Responsibility Acknowledgement
Source: 90 Templates/Personnel Security Responsibility Acknowledgement.md
Related Notes
- Roles and Responsibilities
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- ISO 27001 A.6.2 - Terms and Conditions of Employment
- A.6 People Controls MOC
- A.6.2 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Implementation Audit Risk Mapping
- Templates MOC