Employee private devices
Assign topic to the user
Answer:
By including private devices in your asset register would mean that all information on them (both company and private) would have to be treated according company security rules, and this will add unnecessary effort and complexity to your ISMS (because users' private data).
A better approach would be not include the private devices in your asset register and identify the risk that business data can be accessed by private devices. This way you can focus on protecting only the business data, and this can be done by means of implementing a BYOD policy.
This article will provide you further explanation about managing private devices:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
Comment as guest or Sign in
Aug 12, 2019