Document editing
Assign topic to the user
We apologize for these problems - you are right, these elements of the IT Security Policy are not best suited for fully remote organizations, and we are working on making the appropriate corrections.
There are three options you can take:
(1) develop the IT Security Policy from a Word template where you can edit everything according to your preferences (we will send you the template free of charge) and then upload this document to Conformio, or
(2) declare the control A.11.2.9 Clear desk and clear screen policy as not applicable in your Statement of Applicability (you can do this only if there are no larger risks or requirements from interested parties), and then the sections "3.12.1. Clear desk policy" and "3.12.3. Protection of shared facilities and equipment" will be automatically deleted from the IT Security Policy, or
(3) adapt the text in Conformio's IT Security Policy according to the suggestions below:
- 3.12.1. Clear desk policy - leave the text as it is, because your remote employees might have some paper documents in the future (e.g., printed unlock keys for encrypted disks, Disaster Recovery Plans, etc.).
- 3.12.3. Protection of shared facilities and equipment - write the following "Facilities for dispatch and receipt of postal email are not existing in employee's home offices, and are protected by (this is not applicable)."
- 3.17 Teleworking - write the following "Teleworking must be authorized by the CEO by signing the employment contract."
Comment as guest or Sign in
Apr 09, 2022