Business abiding by ISO 27001 when using BYOD policy
How would a business abide by ISO 27001 when using a BYOD policy?
Assign topic to the user
First of all, you have to perform a risk assessment to identify which risks related to BYOD practice you have to treat, and which legal requirements (e.g., clauses of contracts, laws, or regulations) you have to fulfill. After that, you have to identify proper controls to be implemented. In general, to secure BYOD practices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging
Normally, these are implemented through a BYOD policy, which you can see how it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you a further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
These materials will also help you regarding BYOD policy and for training and awareness:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
Comment as guest or Sign in
Mar 30, 2021