SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Can private hardware used for business purposes be excluded from the scope?

  Quote
Guest
Guest user Created:   Apr 15, 2022 Last commented:   Apr 15, 2022

Can private hardware used for business purposes be excluded from the scope?

A question has arisen regarding the documentation toolkit for ISO 27001: Under what circumstances may private hardware used for business purposes be excluded from the scope - is this allowed according to ISO 27001, 27017 and 27018?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 15, 2022

ISO 27001/ISO 27017/ISO 27018 allow the usage of private hardware, and you can exclude this hardware from the ISMS scope - this is pretty common in companies that have remote workers. 

Once you specify in your ISMS scope document that private hardware is out of the scope, you need to ensure compliance with security rules by signing agreements with workers that use such hardware where you will specify specific security rules for using such hardware.

In your toolkit, you will find the document "Security clauses for suppliers and partners" in folder 08 Annex A Security Controls - A.15 Supplier relationships - you can use clauses from this document in the agreement with your workers.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 15, 2022

Apr 15, 2022