How to implement ISO 27001 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets

In this tutorial video I show you how to implement ISO 27001 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets to pass the audit. This step-by-step tutorial walks you through how to implement it, how to pass the audit, the common mistakes people make and what an auditor will look for.

I show you exactly what changed in the ISO 27001:2022 update and exactly what you need to do for ISO 27001 certification.

*What is ISO 27001 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets?*

ISO 27001 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets is an ISO 27001 control that requires you to tell people what they can and what they cannot do with organisation assets. These assets include devices and data.

*How to implement ISO 27001 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets*

To implement ISO 27001 acceptable use you are going to:

1. Acceptable Use Policy - a topic-specific policy

You are going to implement an acceptable use policy for your organisation that clearly sets out what is allowed and what is not allowed in terms of the use of devices, data and associated assets. The policy will be approved, communicated and accepted by all personnel.

2. Implement Controls

Based on your Statement of Applicability (SOA) you will have chosen controls to mitigate risks and part of that control implementation is to reduce the risk of unacceptable use of assets. Examples of controls would include training and communication.

3. Have asset inventories

You will have asset inventories in line with Annex A 5.9 so that you know what assets you have and therefore what assets you need to protect and provide acceptable use guidance for.
