What to include in an ISO 27001 remote access policy

In this era of data-driven IT, managing and securing your data and information has become the most integral part of running your business. This article takes you through the best practices to consider for an ISO 27001-compliant remote access policy and the effective implementation of information security controls.

Challenges for remote access policy controls

Teleworking (working while on a business trip or from home) is becoming popular and widely accepted by international companies because of its many cost-saving factors and its flexibility. Access to your IT infrastructure through the various methods of remote access is equivalent to people sitting physically inside your connected network and accessing that infrastructure.

A study by one Switzerland-based service office provider says that 70% of people globally work remotely at least once a week, so telecommuting is more popular than ever.

By implementing a teleworking control policy and supporting relevant security measures, the information accessed, processed, or stored at teleworking sites can be secured and protected.

To learn more about the information security controls in teleworking, read this article: How to apply information security controls in teleworking according to ISO 27001.

What to consider for your ISO 27001 remote access policy

Any organization that allows teleworking must have a policy, an operational plan, and a procedure stating that the conditions and restrictions are in line with applicable law. Here is what should be taken into account:

  • The physical security of the teleworking site, including the building and its surrounding environment, is the first and very obvious issue to look into.
  • Users should never share their login or email password with anyone, not even family members.
  • Users should also be sure not to violate any of the organization’s policies, not to perform any activities that are (Read more...)

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: https://advisera.com/27001academy/blog/2019/04/23/iso-27001-remote-access-policy-how-to-develop-it/