Interested parties
Assign topic to the user
Answer: The way employees families should be considered will depend upon how they can impact, or be impacted by the organization's information security needs (you can determine that by identifying the organizational context as required by ISO 27001 clauses 4.1 and 4.2). Some examples may be:
- a family member using an employee's device (e.g., notebook, tablet, etc.) connected to organization's systems which may accidentally disclose sensitive information or install a malware
- a family member may be held hostage to force an employee to reveal organization's sensitive information
In both cases the organization may identify a real risk that should be mitigated and consider the implementation of proper controls.
These articles will provide you further explanation about context and interested parties identification:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://adv isera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
These materials will also help you regarding context and interested parties identification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 29, 2017