Expert Advice Community

Guest

Is it necessary to supply the assessor with a record of the router configuration?

  Quote
Guest
Guest user Created:   Sep 17, 2020 Last commented:   Sep 17, 2020

Is it necessary to supply the assessor with a record of the router configuration?

Hi. I have a question relating to ISO27001. Under an ISO audit, is it necessary to supply the assessor with a record of the router configuration?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 17, 2020

If this record of the router configuration is related to the information included in the certified ISMS scope (e.g., this router allows access to R&D servers, and R&D information is included in the ISMS scope), then it has to be audited at some point during the certification cycle (i.e., during surveillance audits), so the auditor can check if the router configuration allows access only for authorized entities, and as part of the certification process the auditor has the authorization to access this information to perform the audit.

This article may provide you further information:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 17, 2020

Sep 17, 2020