ISO 27001 Annex A 7.9 is about protecting your assets when they are outside your normal work area to prevent loss, damage, theft or compromise of off-site devices and interruption to the organisations operations.
Table of contents
What is ISO 27001 Annex A 7.9?
The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022).
In the ISO/IEC 27001:2022 Standard the control is titled “Security Of Assets Off-Premises”.
What is the ISO 27001 Annex A 7.9 control objective?
The formal definition and control objective in the standard is: “Off-site assets should be protected.“
What is the purpose of ISO 27001 Annex A 7.9?
The purpose of ISO 27001 Annex A 7.9 is “to prevent loss, damage, theft or compromise of off-site devices and interruption to the organisations operations.“
Is ISO 27001 Annex A 7.9 Mandatory?
ISO 27001 Annex A control 7.9 (Security Of Assets Off-Premises in the 2022 standard) is not automatically mandatory in the same way the clauses in the main body of the standard (clauses 4 through 10) are.
The mandatory part of the standard requires you to consider ISO 27001 Annex A 7.9 and all other Annex A controls, but you have the flexibility to exclude it if it is not applicable to your organisation’s specific risks and context.
Key Parts of the Rule
To follow this rule, you should have clear plans and policies. Here are some important steps:
In today’s world, you often take your work tools away from the office. This rule used to focus on the long process of approving equipment leaving the building. Things have changed, but the rule stays the same. Now it focuses on protecting your tools when they are away from your main site. It is less about the approval steps.
Education and Training
Much of this rule is simple common sense. You must tell your staff what to expect and give them proper training. Where possible, you should also use technical tools if they help lower risk.
Off Site Protection
You always want to protect important items. Here, you must look at the dangers of having company tools in places you do not control. You then need to decide what steps you can take to stop those dangers.
Public Areas
Do simple things like never leaving your equipment alone in public places. This seems like an easy thing to do. However, you often see people leave their laptops open in cafes or on trains when they walk away.
Shoulder Surfing
Many people try to read screens over your shoulder. They might look at your screen from the gaps between seats on a train or plane. You can easily do things to stop this. You can be careful about where you sit. You can also look into using privacy screens or screen protectors. You must choose what works best for you.
