BLACK FRIDAY DISCOUNT
Get 30% off on toolkits, course exams, Conformio, and Company Training Academy yearly plans.
Limited-time offer – ends December 2, 2024
Use promo code:
30OFFBLACK

Expert Advice Community

Guest

E-mail use

  Quote
Guest
Guest user Created:   Oct 18, 2019 Last commented:   Oct 18, 2019

E-mail use

I have the following question regarding a decision which impacts the ISO27001:

The owner/management (small company) has a company e-mail addresses. The owner does not like working with the company e-mail solution, so he wants to automatically forward the incoming e-mails from his company inbox to his private email account (with Gmail). Additionally, he wants to send E-mails from his private email account where the sender will be shown as his company email. The use of private email addresses is generally prohibited (currently implementing policy for employees etc.). Is it possible to create an exclusion in the policies for the owner/CEO and what other implications does this e-mail forwarding/relay have with regard to the ISO27001 certification? The whole company is in the ISMS scope, but not the mentioned private email account.

0 1

Assign topic to the user

ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.

ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.

Expert
Rhand Leal Oct 18, 2019

ISO 27001 does not prescribe specific rules on email security, only that related unacceptable risks are treated. Considered that, it is possible to create exclusions for the use of email service to fulfill this specific need, provided that unacceptable risks related to e-mail forwarding/relay are treated.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 18, 2019

Oct 18, 2019