
Document editing

Guest user Created:   Apr 09, 2022 Last commented:   Apr 09, 2022

It is the IT Security policy I am working on. We are a fully remote working organisation, so I have included the remote teleworking activities because that is where we all work. We do not have any offices. We also do not have any paper-based information. The IT Security policy takes the position that an organisation has offices and staff may need to work remotely/teleworking. For example:

- Section 3.12: We do not have any paper or paper storage.

- 3.12.3: We don't have offices, so protection of shared facilities and equipment never arises.

- 3.1.7 Teleworking: We all work remotely, so it does not need to be authorized, as remote/teleworking is part of our employment contract.

Expert
Rhand Leal Apr 09, 2022

We apologize for these problems - you are right, these elements of the IT Security Policy are not best suited for fully remote organizations, and we are working on making the appropriate corrections. 

There are three options you can take: 

(1) develop the IT Security Policy from a Word template where you can edit everything according to your preferences (we will send you the template free of charge) and then upload this document to Conformio, or 

(2) declare the control A.11.2.9 Clear desk and clear screen policy as not applicable in your Statement of Applicability (you can do this only if there are no larger risks or requirements from interested parties), and then the sections "3.12.1. Clear desk policy" and "3.12.3. Protection of shared facilities and equipment" will be automatically deleted from the IT Security Policy, or 

(3) adapt the text in Conformio's IT Security Policy according to the suggestions below:

- 3.12.1. Clear desk policy - leave the text as it is, because your remote employees might have some paper documents in the future (e.g., printed unlock keys for encrypted disks, Disaster Recovery Plans, etc.). 

- 3.12.3. Protection of shared facilities and equipment - write the following "Facilities for dispatch and receipt of postal email are not existing in employee's home offices, and are protected by (this is not applicable)."

- 3.17 Teleworking - write the following "Teleworking must be authorized by the CEO by signing the employment contract."
