Template content

Provided template consist only requirements of deploying any sort of anvivirus software with auto-updates ON, but in our case it isn't enough.
The reason i ask for assistance is that we provide SMB SaaS with access for customers to terminal servers with this software installed on it, and this software has the functionality to modify clientside source code for customization needs. We dont surely know how we shall consider this threat: as a potential to execute any malware or just as a technical vulnerability (so shall refer to A.12.6).

Can you help us to complete understanding?

Answer: There is no extended template, but as a part of the toolkit you bought you can schedule a meeting with one of our experts so he can help you develop the extensions you need. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

Considering the information you provided, the po ssibility to modify client's side source code should be treated as a technical vulnerability, because this feature is part of how the antivirus software works to protect the assets, but may have a negative impact that must be assessed first before releasing the software on operational environment, which can be handled by controls from section A.12.6.