Can private hardware used for business purposes be excluded from the scope?
ISO 27001/ISO 27017/ISO 27018 allow the usage of private hardware, and you can exclude this hardware from the ISMS scope - this is pretty common in companies that have remote workers.
Once you specify in your ISMS scope document that private hardware is out of the scope, you need to ensure compliance with security rules by signing agreements with workers that use such hardware where you will specify specific security rules for using such hardware.
In your toolkit, you will find the document "Security clauses for suppliers and partners" in folder 08 Annex A Security Controls - A.15 Supplier relationships - you can use clauses from this document in the agreement with your workers.
Apr 15, 2022