It is very common these days fro businesses to outsource software developement and have contractors work as part of a team. I am hoping for advice to control these developers...
We have several developers that are contractors but they are working as part of several internal teams. They are in a different country and have their own laptops, internet connections (and offices) - my company prefers not to purchase and provide a laptop and the deveopers prefer to use their own - but will not allow any software to be put on their laptops or to control their laptop in anyway.
As part of our ISO 27001 controls - they need access to our Microsoft Devops environment and also have access to outlook, teams and Sharepoint.
We are looking to put in place a rule (somehow - Azure or endpoint manager ??advice??). that says the laptop/computer must have encrypted drives, Antivirus, be up to date with O/S patches..... as a minimum to connect for standard development.
While not completely controlling the laptops/computers - would this be enough for most people to allow ?? Would this pass the general acceptability for most companies who have ISO 27001 ?
(We have a requirement already that access to live Private data or information would require a company owned laptop)
Any advice is welcome....
Define Locations if all staff are remote
I am unsure how to define/explain a location if all staff are working from home in the Scope.
Would you simply state locations as 'Various remote locations' or something different?