Guest
Protection against abuse of rights
How can the threat of abuse of rights be countered in the CRM system? I know that cybersecurity awareness and training and NDA are solutions. Is there another solution for this threat?
Expert
Rhand Leal
Jan 04, 2022
Additional controls you can consider are access control (i.e., people only have access to what is needed for doing their job), and segregation of duties (i.e., any critical/sensitive task cannot be performed by a single person).
For further information, see:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
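An added illustration of the two controls named in the answer above (not part of the original reply, and not code from Advisera): a small Python review of CRM role assignments that flags permissions beyond what a job needs and segregation-of-duties conflicts, and applies a two-person rule to an approval. All role, permission, job and user names are hypothetical, constructed sample data.

```python
# Constructed sample data: every role, permission, job and user name is hypothetical.
ROLE_PERMISSIONS = {
    "sales_rep": {"contact.read", "contact.update", "discount.request"},
    "sales_manager": {"contact.read", "discount.approve", "report.view"},
    "crm_admin": {"user.manage", "role.assign"},
    "data_analyst": {"contact.read", "contact.export", "report.view"},
}

# Permission pairs one person must not hold together (segregation of duties).
SOD_CONFLICTS = [
    ("discount.request", "discount.approve"),
    ("contact.export", "role.assign"),
]

# Permissions each job function actually needs (least-privilege baseline).
JOB_NEEDS = {
    "account_executive": {"contact.read", "contact.update", "discount.request"},
    "team_lead": {"contact.read", "discount.approve", "report.view"},
}

USERS = {
    "alice": {"job": "account_executive", "roles": ["sales_rep"]},
    "bob": {"job": "team_lead", "roles": ["sales_manager", "sales_rep"]},
    "carol": {"job": "account_executive", "roles": ["sales_rep", "data_analyst"]},
}

def effective_permissions(roles):
    """Union of the permissions granted by every role a user holds."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS[role]
    return perms

def review_user(name):
    """Report permissions beyond the job's needs and any SoD conflicts held."""
    user = USERS[name]
    perms = effective_permissions(user["roles"])
    excess = sorted(perms - JOB_NEEDS[user["job"]])
    conflicts = [pair for pair in SOD_CONFLICTS if set(pair) <= perms]
    return {"excess": excess, "sod_conflicts": conflicts}

def approve_discount(requester, approver):
    """Two-person rule: approver must differ from requester and hold discount.approve."""
    if requester == approver:
        return False
    return "discount.approve" in effective_permissions(USERS[approver]["roles"])

if __name__ == "__main__":
    for name in USERS:
        print(name, review_user(name))
```

Running such a review periodically over an export of the CRM's real role assignments shows where accumulated roles have drifted beyond job needs.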