ISO 27001 Annex : A.11.2 Equipment
Its objective is to avoid loss, damage, theft, or compromise of assets and disruption of the organization's operations.
A.11.2.1 Equipment Siting and Protection
Control- Equipment should be sited and secured to mitigate the risks from environmental hazards and threats and from unauthorized access.
Implementation Guidance- To protect equipment, the following directives should be considered:
- Equipment should be sited so as to minimize unnecessary access into work areas;
- Information processing facilities that handle sensitive information should be carefully positioned to reduce the risk of unauthorized persons viewing information during their use;
- In order to avoid unauthorized access, storage facilities should be secured;
- Items requiring special protection should be safeguarded to reduce the general level of protection required;
- The risk of potential physical and environmental threats, such as theft, fire, explosives, smoke, water, dust, vibration, chemical effects, interference with electrical supplies, interference with communications, electromagnetic radiation and vandalism, should be minimized;
- Guidelines should be defined for eating, drinking and smoking close to information processing facilities;
- Environmental conditions, such as temperature and humidity, should be monitored for conditions which may have a negative effect on the operation of information processing facilities;
- Lightning protection for all buildings, and lightning protection filters for all incoming power and communications lines, should be implemented;
- Equipment processing sensitive information should be protected to reduce the risk of information leakage due to electromagnetic emanation;
- Special protection methods, such as keyboard membranes, should be considered for equipment in industrial environments.
An organization wants its information to remain within the CIA triad. It also ensures that the physical security controls are properly and efficiently implemented to protect the confidentiality, authenticity and/or integrity of the organization's information and information processing facilities. The physical and environmental protection of the company is covered in Annex 11 of ISO 27001. The well-known lead auditor and lead implementer certification covers all the annexes on information security, including the implementation of appropriate access controls to ensure authorized access and protect the organization. Infosavvy, a Mumbai-based institute, offers certifications and training in multiple domains, such as information security management, cybersecurity, and many others, including the IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TÜV SÜD Certification). This certification covers several audits to keep an organization safe from those intent on damaging it. Infosavvy will help you to understand and identify the full extent of the physical and environmental security that is necessary to protect your organization's operations from attacks. We have trained trainers with ample know-how and experience to make sure that information security is handled effectively. The applicant will therefore gain the skills needed to conduct an ISMS audit using commonly agreed audit concepts, procedures and techniques.
A.11.2.2 Supporting Utilities
Control- Equipment should be secured against power failures and other disruptions caused by failures in supporting utilities.
Implementation Guidance- The supporting utilities (e.g. power, telecommunications, water, gas, sanitation, air conditioning, and ventilation) should:
- conform to the equipment manufacturer's specifications and local legal requirements;
- be periodically assessed for their ability to meet corporate growth and their interactions with other supporting utilities;
- be regularly inspected and tested for effective functioning;
- be fitted with alarms to detect malfunctions, if necessary;
- have multiple physical routing feeds, if necessary.
Emergency lighting and communications should be provided. Emergency switches and valves for power, water, gas or other utilities should be located close to emergency exits or equipment rooms.
Other Information- Additional redundancy for network connectivity can be achieved through several routes from more than a single utility provider.
A.11.2.3 Cabling Security
Control- Power and telecommunications cables that carry data or support services should be safeguarded from interception, interference, or damage.
Implementation Guidance- The following cabling security guidelines should be taken into account:
- Power and telecommunications lines into information processing facilities should be underground, where possible, or subject to appropriate alternative protection;
- Power cables should be segregated from communications cables to prevent interference;
--------------------------------------------------------------------------------------------------------------------------
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com