Expert Advice Community

Guest

Employee private devices

  Quote
Guest
Guest user Created:   Aug 12, 2019 Last commented:   Aug 12, 2019

Employee private devices

Should we include the (private) devices (mobile phones) of our employees in the asset register? In the scope document we have referenced that all assets in the asset register are within the scope. The employees access e-mails via the outlook app and therefore have information of the company on their devices. Is there any up/downside to adding the mobile devices? It would be around 20 devices.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 12, 2019

Answer:

By including private devices in your asset register would mean that all information on them (both company and private) would have to be treated according company security rules, and this will add unnecessary effort and complexity to your ISMS (because users' private data).

A better approach would be not include the private devices in your asset register and identify the risk that business data can be accessed by private devices. This way you can focus on protecting only the business data, and this can be done by means of implementing a BYOD policy.

This article will provide you further explanation about managing private devices:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 12, 2019

Aug 12, 2019

Suggested Topics

Guest user Created:   Nov 08, 2018 ISO 27001 & 22301
Replies: 1
0 0

Risk assessment

Guest user Created:   Sep 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Terminating Employee

Guest user Created:   Jul 27, 2021 ISO 27001 & 22301
Replies: 1
0 0

Smart devices