Hello, dear Advisera support,
I read the description of these two controls: 11.2.8 Unattended user equipment and 11.2.9 Clear desk and clear screen policy. What is the difference? Are they not the same? As I see it, the implementation method for us for these two controls is the same: Clear desk and clear screen policy.
Thank you!
Please note that while control A.11.2.8 aims at equipment (e.g., computers and mobile devices), control A.11.2.9 has a wider coverage, including papers, removable storage media, and other equipment normally found on workstations (e.g., photocopiers).
In a sense, you can think that control A.11.2.8 can be used to implement a part of control A.11.2.9.
This article will provide you with further explanation about clear desk policy and clear screen policy:
- Clear desk and clear screen policy – What does ISO 27001 require? https://advisera.com/27001academy/blog/2016/03/14/clear-desk-and-clear-screen-policy-what-does-iso-27001-require/
This material will also help you regarding clear desk policy and clear screen policy:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Dec 02, 2020