I hope you are well and that you have been having a great week so far. I was wondering whether one of your highly experienced consultants could answer the following ISO 27001 question.
As part of ISO 27001 we need to maintain an end-of-life process for equipment and maintain a system for managing re-use of the same equipment, let's say in the scenario where someone leaves the company, etc. My question is: we are 100% remote, working from several locations around the world, for example ***, *** and ***. How do we devise a plan for such a scenario? I genuinely don't know how to approach this. Should we pay a third-party company to manage it? If so, how do the different locations and the lack of a physical office structure come into play?
Using third parties with a physical presence in remote locations to manage corporate equipment is an acceptable solution for ISO 27001. In this situation, you also need to consider signing contracts or service level agreements that include information security clauses to increase information protection (specifically, how to dispose of or re-use equipment).
If hiring third parties to collect or receive the equipment is not a viable solution, an alternative you can consider is the use of BYOD, where employees use their own devices to work, implementing software that either forbids the storage of corporate information locally on the device (e.g., employees can only access corporate resources through a virtual machine) or that allows a remote full reset of the device.