Section 7 of the new ISO 27001:2013 states the requirements for employers to present evidence of competence, awareness, and communication, relating to employees. There is also a requirement for documented information, which relates to the creation and updating of documented information, as well as their control.