Expert Advice Community


E-mail use

Guest user Created:   Oct 18, 2019 Last commented:   Oct 18, 2019


I have the following question regarding a decision which impacts the ISO27001:

The owner/management (small company) has a company e-mail address. The owner does not like working with the company e-mail solution, so he wants to automatically forward the incoming e-mails from his company inbox to his private email account (with Gmail). Additionally, he wants to send e-mails from his private email account where the sender will be shown as his company email. The use of private email addresses is generally prohibited (currently implementing policy for employees etc.). Is it possible to create an exclusion in the policies for the owner/CEO and what other implications does this e-mail forwarding/relay have with regard to the ISO27001 certification? The whole company is in the ISMS scope, but not the mentioned private email account.


Expert
Rhand Leal Oct 18, 2019

ISO 27001 does not prescribe specific rules on email security, only that related unacceptable risks are treated. Considering that, it is possible to create exclusions for the use of email service to fulfill this specific need, provided that unacceptable risks related to e-mail forwarding/relay are treated.
