Expert Advice Community

Defining controls

Guest user. Created: Jun 06, 2019. Last commented: Jun 06, 2019

Our company has a platform developer team and web designer. For the sake of information security, do we have to isolate their work space (physically)? Like put them into a restricted accessible room?

Expert
Rhand Leal Jun 06, 2019

Answer:

According to ISO 27001, you only have to implement physical isolation, as well as other types of controls, in the following situations:
- There are unacceptable risks that justify the application of the control
- There are legal requirements (e.g., laws or contract clauses) with which the organization must comply, that demand the application of the control
- There is a management decision to implement the control, by considering it as good practice.

If none of the above conditions happen, there is no need to implement a control.

This article will provide you with further explanation about selecting controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
