Expert Advice Community

Can private hardware used for business purposes be excluded from the scope?

Guest user, Created: Apr 15, 2022, Last commented: Apr 15, 2022

A question has arisen regarding the documentation toolkit for ISO 27001: Under what circumstances may private hardware used for business purposes be excluded from the scope - is this allowed according to ISO 27001, 27017 and 27018?
Expert
Rhand Leal Apr 15, 2022

ISO 27001/ISO 27017/ISO 27018 allow the usage of private hardware, and you can exclude this hardware from the ISMS scope - this is pretty common in companies that have remote workers. 

Once you specify in your ISMS scope document that private hardware is out of the scope, you need to ensure compliance with security rules by signing agreements with workers that use such hardware where you will specify specific security rules for using such hardware.

In your toolkit, you will find the document "Security clauses for suppliers and partners" in folder 08 Annex A Security Controls - A.15 Supplier relationships - you can use clauses from this document in the agreement with your workers.
