Guest user Created: Feb 28, 2019 Last commented: Feb 28, 2019

BYOD policy content

Please can you advise for ISO 27001 what is required if as a company we allow bring your own device (BYOD) – what does the standard require and what is best practice?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 28, 2019

Answer:

First of all, you have to perform a risk assessment to identify which risks related to BYOD practice you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to secure BYOD practices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging

Normally these are implemented through a BYOD policy, which you can see how it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/

This article will provide you further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 28, 2019

Expert Advice Community