Expert Advice Community

Guest

Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Poli

  Quote
Guest
Guest user Created:   May 01, 2019 Last commented:   May 01, 2019

Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Poli

1. What I meant by restricting access in the following question "Do we really have to restrict access in case we'd like to access the information systems in the datacenter? We do have a Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy which is being implemented." is the fact that the authorized employees can access the data on distance (so they do not have to be in the datacenter). If we decide to include the datacenter in the scope and no other locations (home, office, etc...) the access in these other locations should be restricted. However this is not going to make things easy for the employers and the employees because the datacenter is 71,5km away from the office, this would mean that they have to travel at least 143 km's everyday.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 01, 2019
If a Mobile Device & Teleworking Policy and Clear Screen & Clear Desk Policy would not be adequate, would there be another more 'achievable' way how to restrict access?

Answer: First of all, sorry for this confusion.

Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy is the proper treatment for situations like that, where you do not have control over some locations from where employees can access information (home, office, etc...), since these policies define secure behavior for teleworkers when they are out of organization premises.

2. I assume the Risk Treatment Table only has to contain the unacceptable risks, right?

Answer: Besides unacceptable risks, the Risk Treatment Table also has to include acceptable risks related to controls you want to make modifications or improvements (e.g., if you want to update a technology related to a control, or setup new parameters).
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 01, 2019

May 01, 2019

Suggested Topics

Guest user Created:   Mar 30, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS Controls

Guest user Created:   Jun 13, 2019 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 and GDPR