SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Template content - Access control policy

Guest

Template content - Access control policy

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Oct 25, 2019 Last commented:   Oct 25, 2019

Template content - Access control policy

ISO 27001 & 22301
Hello, where is my question inside the Access Control Policy: chapter 3.4 Management of special rights Question: The business and security requirements for access are defined in the „Directory for Risk Assessment“(?) I don’t understand this. Can you explain that connection to me, please?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Oct 25, 2019

Please note that the original English text is "When allocating privileges the person responsible must take into account business and security requirements for access (defined in risk assessment), ..."

Considering this text, business and security requirements for access are not defined in the risk assessment. The risk assessment only provides additional information that must be considered when defining such accesses. An example of business requirement for access is remote access to some roles (e.g., sales staff, remote developers, etc.)

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 24, 2019

Oct 24, 2019

Suggested Topics
Guest user Created:   Feb 11, 2018 ISO 27001 & 22301
Replies: 1
0 0

Access control policy template content
Guest user Created:   Jun 29, 2021 ISO 27001 & 22301
Replies: 1
0 0

Query Regarding Internal Audit
Guest user Created:   Jul 07, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 and ISO23301 Policies