CHAPTER 8: TECHNOLOGICAL CONTROLS

8.1 User end point devices (ISO/IEC 27001, A.8.1)

“Information stored on, processed by or accessible via user end point devices shall be protected.”

Implementation guidance

The organisation should develop a user policy describing the controls that should be in place, and employees should only be allowed to use devices after they receive the policy and have had sufficient training and awareness education (also see 6.7 and 5.10). Devices should be required to meet an appropriate standard of security (e.g. be promptly updated to remove security vulnerabilities; see 8.8), and users should have clear guidance on what to do and who to inform should a device be lost or stolen, especially if it is a personal device ...

Get ISO 27001 Controls - A guide to implementing and auditing, Second edition now with the O’Reilly learning platform.
