Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

BYOD and ISO 27001

  Quote
Guest
Guest user Created:   Mar 05, 2019 Last commented:   Mar 05, 2019

BYOD and ISO 27001

I do have a question on BYOD – what is required by the ISO 27001 standard? And is there any guidance you can provide?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 05, 2019

Answer:

First of all, you have to perform a risk assessment to identify which risks related to BYOD practice you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to secure BYOD practices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging

Normally these are implemented through a BYOD policy, which you can see how it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy complian t with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 05, 2019

Mar 05, 2019

Suggested Topics