Guest user Created: Sep 29, 2022 Last commented: Sep 29, 2022

Control A.11.2.4

When looking at control 11.2.4, does this apply to all equipment? Or, just equipment crucial to business continuity? We do not have any equipment owned by the company other than laptops, so we are just looking to see what we need to do in terms of servicing our equipment.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Sep 29, 2022

First is important to note that ISO 27001 controls that are related to business continuity are those from section A.17. Controls from other sections focus on information security, not business continuity.

Control A.11.2.4 - Equipment maintenance applies to all equipment in the ISMS scope.

Considering that, this control may be applied either to your laptops (where you will have to implement the control) or to the equipment provided to you by your supplier (e.g., WiFi router as part of the leased office where you work).

For further information about applying this control, see:

How to implement equipment physical protection according to ISO 27001 A.11.2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 29, 2022

Expert Advice Community

Control A.11.2.4

Control A.11.2.4

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Equipment Maintenance in ISO 27001

Documentation of requirements

Query on Annex A Controls - IS027001