Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Annex A.8.3.1 to 8.3.3

  Quote
Guest
Guest user Created:   Sep 09, 2021 Last commented:   Sep 09, 2021

Annex A.8.3.1 to 8.3.3

When looking at controls in Annex A.8.3.1 to 8.3.3 regarding removable media, I cannot really understand how this is any different to the equipment mentioned in A.11.2.7 for instance. I guess both controls refer to the same objects, right? USB flash drives, CD, DVD, laptops, smartphones etc.

So basically - are 8.2.3 and 11.2.7 referring to the same objects?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 09, 2021

In your second paragraph, I’m assuming you are referring to control A.8.3.2, instead of A.8.2.3.

Considering that, please note that these controls have different coverages:

  • control A.8.3.2 (Disposal of media) focuses on the proper disposal of media that contains information, regardless it is physical or digital media.
  • control A.11.2.7 (secure disposal or reuse of equipment) focuses on the proper disposal or reuse of equipment that contains media with sensitive information.  

You can think of control A.11.2.7 as a specific application of control A.8.3.2, although these controls can be applied independently of each other.

For further information, see:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Sep 09, 2021

Sep 09, 2021