Is there an ISO or industry-recommended time for locking a computer, e.g. 10-15 mins?
Answer:
No, there is no concrete time established by ISO 27001 or ISO 27002 (and I think no industry recommendation either). The important thing here is to protect the information in unattended user equipment (this relates to control A.11.2.8 of Annex A of ISO 27001:2013), but you can do it in the way that you want, or in the way that your business needs. 15 minutes can be good for a company where employees are in front of the computer most of the time, but can be a long time in a company where employees are constantly moving from one computer to another, and there are people from different companies.
Finally, if you want more information about physical security in ISO 27001, you can read this article: "Physical security in ISO 27001: How to protect the secure areas": https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
Jan 12, 2016