Guest user Created: Nov 06, 2018 Last commented: Nov 06, 2018

A.12.5.1 concepts

I have a question about control A.12.5.1: what does „software on systems in the organisation“ mean and include? Does it include the workstation of the employees too?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Nov 06, 2018

Answer:

"... software on operational systems.", as part of the description of control A.12.5.1 (Installation of software on operational systems) of ISO 27001 Annex A, refers to any software that is used in normal daily operations of an organization. This includes either software used on datacenters (e.g., database management systems, corporate backup software, etc.), as well as software used on employees workstations (e.g., e-mail clients, word processors, etc.).

For examples of implementation to support this control I suggest these materials:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 06, 2018

Expert Advice Community

A.12.5.1 concepts

A.12.5.1 concepts

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Understanding the core concepts of RPO & RTO - ISO 22301

Security concepts

A.12.5.1 Vs A.12.6.2