Control A.11.2.4
When looking at control 11.2.4, does this apply to all equipment? Or, just equipment crucial to business continuity? We do not have any equipment owned by the company other than laptops, so we are just looking to see what we need to do in terms of servicing our equipment.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First is important to note that ISO 27001 controls that are related to business continuity are those from section A.17. Controls from other sections focus on information security, not business continuity.
Control A.11.2.4 - Equipment maintenance applies to all equipment in the ISMS scope.
Considering that, this control may be applied either to your laptops (where you will have to implement the control) or to the equipment provided to you by your supplier (e.g., WiFi router as part of the leased office where you work).
For further information about applying this control, see:
- How to implement equipment physical protection according to ISO 27001 A.11.2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Comment as guest or Sign in
Sep 29, 2022