End of life and ISO 27001
Using third parties with a physical presence in remote locations to manage corporate equipment is an acceptable solution for ISO 27001. In this situation, you also need to consider signing contracts or service level agreements including information security clauses to increase information protection (specifically how to dispose of or re-use equipment).
If hiring third parties to collect or receive the equipment is not a viable solution, an alternative you can consider is the use of BYOD, where employees use their own devices to work, implementing software that either forbids the storage of corporate information locally on the device (e.g., employees can only access corporate resources through a virtual machine) or that allows a remote full reset of the device.
Normally, these rules are implemented through a BYOD policy. You can see what such a policy looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you with further explanation about the supplier relationship:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
This article will provide you with further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
These materials will also help you regarding supplier management and BYOD:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 25, 2021