Expert Advice Community

Home / ISO 27001 & 22301 / Time out and timed session

Guest

Time out and timed session

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Time out and timed session

ISO 27001 & 22301
 I was wondering if you could clear up a question for me. I have a client that says for their users of their cloud based application they need both an inactivity time-out as well as a timed session time out to be compliant. Can you shed any light on this as its hard to determine what is actually required as opposed to recommended. 
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
AntonioS Jan 12, 2016

 

Answer:

These terms are not used in the current ISO 27001:2013. They were used in the ISO 27001:2005 (but focused on Operating Systems) -Controls A.11.5.5 Session time-out (shut down inactive sessions after a defined time) and A.11.5.6 Limitation of connection time (shut down connection after a defined time in high risk applications), so we can think that now are not mandatory. Anyway if your client have implemented both controls, I think that the best is to maintain them.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Aug 11, 2022 ISO 27001 & 22301
Replies: 1
0 0

CCTV retention time
Guest user Created:   Mar 04, 2022 ISO 27001 & 22301
Replies: 1
0 0

Advise on Project timelines for ISO 27001 Certification