Access control policy template content
Assign topic to the user
A.9.2.5 Security of equipment off premises
Control
Security shall be applied to off-site equipment taking into account the different risks of working outside the organization’s premises.
I am not seeing the relationship there. Perhaps I'm missing an important point here. Can you lend me some guidance?
Answer: Sorry, but you are making a mistake here. ISO 27001:2013 control A.9.2.5 refers to "Review of user access rights" (Asset owners shall review users’ access rights at regular intervals). The control about "Security of e quipment and assets off-premises" is the A.11.2.6, which is not covered by this template (this control was A.9.2.5 in the ISO 27001:2005, which was withdraw when version 2013 was released). Here you can find the current version of the standard: https://www.iso.org/standard/54534.html
This article will provide you further explanation about Access control:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
This material will also help you regarding access control:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Feb 10, 2018