ISO 27001 Annex : A.11.2 Equipment

ISO 27001 Annex A.11.2 Equipment: its objective is to prevent loss, damage, theft, or compromise of assets and interruption to the operations of the organization.

A.11.2.1 Equipment Siting and Protection

Control- Equipment should be sited and secured to reduce the risks from environmental threats and hazards and from unauthorized access.

Implementation Guidance- To protect equipment, the following directives should be considered:

  1. Equipment should be sited so as to minimize unnecessary access into work areas;
  2. Information processing facilities that handle sensitive information should be carefully positioned to reduce the risk of unauthorized persons viewing information during their use;
  3. In order to avoid unauthorized access, storage facilities should be secured;
  4. Items requiring special protection should be safeguarded to reduce the general level of protection required;
  5. The risk of potential physical and environmental threats such as theft, fire, explosives, smoke, water, dust, vibrations, chemical effects, interference with electrical supplies, interference with communications, electric radiation and vandalism should be minimized;
  6. Guidelines should be defined for eating, drinking and smoking close to information processing facilities;
  7. Environmental conditions such as temperature and humidity, which may have a negative effect on the operation of information processing facilities, should be monitored;
  8. Lightning protection for all buildings, and lightning protection filters for all incoming power and communications lines should be implemented;
  9. In order to reduce the risk of information leakage due to electromagnetic emanation, equipment that processes sensitive information should be secured;
  10. Special protection methods such as keyboard membranes for equipment in industrial environments should be considered.

An organization wants its information to remain within the CIA triad. It must also ensure that physical security controls are properly and efficiently implemented to protect the confidentiality, authenticity and/or integrity of the organization’s information and information processing facilities. The physical and environmental protection of the company is covered in Annex 11 of ISO 27001. The well-known lead auditor and lead implementer certification covers all the annexes on information security, including implementing appropriate access controls so that only authorized access is permitted. Infosavvy, a Mumbai-based institute, offers certifications and training in multiple domains such as information security management, cybersecurity, and many others, including the IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TüV SüD Certification). This certification covers several audits to keep an organization safe from those who intend to harm it. Infosavvy will help you to understand and identify the full extent of the physical and environmental security that is necessary to protect the operations of your organization from attacks. We have trained trainers who have ample know-how and experience to make sure that information security is effectively handled. The applicant will, therefore, gain the skills needed to conduct the ISMS audit using commonly agreed audit concepts, procedures and techniques.

A.11.2.2 Supporting Utilities

Control- Equipment should be secured against power failures and other disruptions caused by failures in supporting utilities.

Implementation Guidance- Supporting utilities (e.g. power, telecommunications, water, gas, sanitation, air conditioning, and ventilation) should:

  1. conform to the equipment manufacturer's specifications and local legal requirements;
  2. be periodically assessed for their capacity to meet corporate growth and their interactions with other supporting utilities;
  3. be regularly inspected and tested for effective functioning;
  4. if necessary, be fitted with alarms to detect malfunctions;
  5. if necessary, have multiple feeds with diverse physical routing.

Emergency lighting and communications should be provided. Emergency switches and valves should be located close to emergency exits or equipment rooms for power, water, gas or other utilities.

Other Information- Additional redundancy for network connectivity can be achieved through multiple routes from more than one utility provider.

Read More : https://www.info-savvy.com/iso-27001-annex-a-11-2-equipment/

---------------------------------------------------------------------------------------------------------------

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ
