I am interested how it is with online meeting recordings. Which point in ISO27001 is covering this topic? We are trying to present our proposal to the potential customer and he would like to record the meeting. In our presentation there will be a lot of sensitive information and knowhow. Can we disagree with recording based on iso27001, and if not, what we need to be careful about? I need your answer ASAP... thank you in advance.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
If your presentation contains know-how from your company, you can argue that to not allow the recording of the meeting (this would be the protection of intellectual property, and you can mention control A.18.1.2 Intellectual property rights from ISO 27001 Annex A to support your decision).
In case the client insists on the recording, then you should evaluate if the value of acquiring this new client is greater than the risks related to your know how the information is recorded. In this case, you should consider reducing the know-how content in the presentation, and add an NDA (based on control A.13.2.4 Confidentiality or nondisclosure agreements).
This article can provide related information:
- 3 reasons why ISO 27001 helps to protect confidential information in law firms https://advisera.com/27001academy/blog/2019/10/15/iso-27001-for-law-firms-3-ways-to-maintain-confidentiality/
This material can also help you:
- Step-by-step explanation of ISO 27001/ISO 27005 risk management (PDF) https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management
Comment as guest or Sign in
Nov 20, 2020