BYOD policy content

Guest user Created:   Feb 28, 2019 Last commented:   Feb 28, 2019

Please can you advise for ISO 27001 what is required if as a company we allow bring your own device (BYOD) – what does the standard require and what is best practice?
Expert
Rhand Leal Feb 28, 2019

Answer:

First of all, you have to perform a risk assessment to identify which risks related to BYOD practice you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to secure BYOD practices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging

Normally these are implemented through a BYOD policy; you can see what it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/

This article will provide you with further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/