Guest
A.12.5.1 concepts
I have a question about control A.12.5.1: what does „software on systems in the organisation“ mean and include? Does it include the workstation of the employees too?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Nov 06, 2018
Answer:
"... software on operational systems.", as part of the description of control A.12.5.1 (Installation of software on operational systems) of ISO 27001 Annex A, refers to any software that is used in normal daily operations of an organization. This includes either software used on datacenters (e.g., database management systems, corporate backup software, etc.), as well as software used on employees workstations (e.g., e-mail clients, word processors, etc.).
For examples of implementation to support this control I suggest these materials:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/
Comment as guest or Sign in
Nov 06, 2018
Nov 06, 2018
Nov 06, 2018