SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

A.12.5.1 concepts

  Quote
Guest
Guest user Created:   Nov 06, 2018 Last commented:   Nov 06, 2018

A.12.5.1 concepts

I have a question about control A.12.5.1: what does „software on systems in the organisation“ mean and include? Does it include the workstation of the employees too?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 06, 2018

Answer:

"... software on operational systems.", as part of the description of control A.12.5.1 (Installation of software on operational systems) of ISO 27001 Annex A, refers to any software that is used in normal daily operations of an organization. This includes either software used on datacenters (e.g., database management systems, corporate backup software, etc.), as well as software used on employees workstations (e.g., e-mail clients, word processors, etc.).

For examples of implementation to support this control I suggest these materials:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 06, 2018

Nov 06, 2018

Suggested Topics