A question has arisen regarding the documentation toolkit for ISO 27001:
Under what circumstances may private hardware used for business purposes be excluded from the scope - is this allowed according to ISO 27001, 27017 and 27018?
ISO 27001/ISO 27017/ISO 27018 allow the use of private hardware, and you can exclude this hardware from the ISMS scope - this is pretty common in companies that have remote workers.
Once you specify in your ISMS scope document that private hardware is out of scope, you need to ensure compliance with security rules by signing agreements with the workers who use such hardware; in these agreements you will specify the security rules for using it.
In your toolkit, you will find the document "Security clauses for suppliers and partners" in folder 08 Annex A Security Controls - A.15 Supplier relationships - you can use clauses from this document in the agreement with your workers.