Expert Advice Community

No budget to implement control A.8.12 Data Leak Prevention

Guest user | Created: Jun 14, 2023 | Last commented: Jun 19, 2023

Control A.8.12 DLP is relevant to us as Intellectual Property that's stored largely on Google Drive is one of our most important assets.

However, we do not have the budget to enable Google's DLP rules.

How do we explain this in our documentation in a way that we still pass the ISO 27001 audit?

Expert
Rhand Leal Jun 14, 2023

If you do not have enough budget to implement a control, your top management needs to accept this risk - however, this decision needs to be based on criteria where the investment needed for this control is higher than the damage from a potential incident. 

To accept the risk, you should list this risk as acceptable in section 4 Acceptance of Residual Risks, and mark the control A.8.12 as not applicable. 

By the way, implementing Google's DLP rules is not the only way to implement control A.8.12 Data leakage prevention.

Guest
Guy Jun 14, 2023

Hi Rhand.
Thanks for your explanation.
How else would you suggest we implement control A.8.12 Data leakage prevention?

Expert
Rhand Leal Jun 19, 2023

A way to implement control A.8.12 Data leakage prevention is by implementing the following documents (the mentioned sections specifically cover the requirements of control A.8.12):

For further information, see:
