Operations security

Guest user Created:   Apr 12, 2018 Last commented:   Apr 12, 2018


1 - Hi, does the control "A.12. Operations Security" in Annex A of ISO 27001 standards apply to server systems (where the applications/services are actually running) or the employee laptops/PCs (company assigned)?
Expert
Rhand Leal Apr 12, 2018

Answer: Controls from section A.12 can be applied both to server systems and employees' equipment, although most of them are generally more applied to servers.

These articles will provide you further explanation about controls of section A.12:
- Implementing capacity management according to ISO 27001:2013 control A.12.1.3 https://advisera.com/27001academy/blog/2016/02/22/implementing-capacity-management-according-to-iso-270012013-control-a-12-1-3/
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

These materials will also help you regarding controls of section A.12:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

2 - What are operational systems as per ISO 27001?

Answer: For ISO 27001, operational systems are considered any set of software, hardware, database and other related assets, used in production environments, i.e., programs, applications and equipment used daily to run the business activities.
