Acceptable use policy and telework
Assign topic to the user
Answer: Yes, because the ‘Acceptable Use Policy’ provided with your ISO 27001 & ISO 22301 Premium Documentation Toolkit defines clear rules for the use of the information system and other information assets, including rules regarding the prevention of unauthorized access to mobile devices both within and outside of the organization’s premises.
Regarding mentioning it in the Risk Treatment Plan, you should do this only if the control is still to be implemented or if you decided to make changes in the current implemented policy.
In the video tutorials that came with your toolkit, you can see examples of how to fill out all the data for Risk treatment.
2 - What does the Standard say about an employee who works from home?
Answer: Regarding employees who work from outside the premises, the standard has the control A.6. 2.2 - Teleworking, which basically means the organization has to ensure that proper security measures are implemented in the site and on communication services to ensure proper access, processing and storage of information.
Comment as guest or Sign in
Feb 21, 2017