Expert Advice Community

Guest

Incorrect use of product keys

  Quote
Guest
Guest user Created:   Jan 21, 2021 Last commented:   Jan 21, 2021

Incorrect use of product keys

I am writing to find out the implications of using unlicensed product keys or incorrect licenses on ISO 27001. 

I have come across cases where there are certain products such as XXX, XXX and XXX that are not correctly used. Product keys were acquired, but the licenses were not.

I am under the assumption that the control A.18.1.2 requires an organization to use the correct licenses. Would these issues have an impact on certification if they are uncovered within an audit?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 21, 2021

The situation you reported would configure a control failure, leading to a nonconformity, that if not properly handled can impact your certification.

Regardless of that, the use of unlicensed product keys or incorrect licenses is a legal offense in many countries, and even if the related software is not in your ISMS scope, your organization should seek legal advice on how to handle the situation.

These materials will also help you regarding ISO 27001 controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jan 21, 2021

Jan 21, 2021

Suggested Topics