top of page
Writer's pictureNick Beaugeard

Guardians of Off Premise Assets: ISO 27001 Control 7.9


Security, threats can come from unexpected angles, including off-premises locations. ISO 27001 Control 7.9, "Security of Assets Off Premises," underscores the significance of safeguarding assets beyond your organisation's physical boundaries. This control serves as a guardian for your valuable resources, even when they're not within your immediate reach.


Control 7.9: Security of Assets Off-Premises

Control 7.9 directs attention to the security of assets that are located outside your organisation's premises. These assets might include portable devices, backups, and data stored in cloud services. Ensuring their security is crucial to maintaining the integrity and confidentiality of your information.


The Essence of Control 7.9

Implementing Control 7.9 offers several crucial benefits:


  • Data Resilience: By securing off-site assets, you enhance your organisation's ability to recover from incidents like data breaches or disasters.

  • Regulatory Compliance: Many regulations require organisations to extend their security measures to off-premises assets, particularly if they contain sensitive or personal data.

  • Business Continuity: Protecting off-site assets contributes to the overall resilience of your business operations.


Implementing Control 7.9

Here are key steps to effectively implement Control 7.9:


  • Inventory: Create a comprehensive inventory of all off-site assets, including their locations, purposes, and associated risks.

  • Access Controls: Implement strong access controls for off-site assets, including encryption, multi-factor authentication, and regular access reviews.

  • Physical Protection: If applicable, ensure that physical protection measures are in place for assets stored in remote locations.

  • Vendor Security: If using third-party services or vendors for off-site asset storage, ensure that they adhere to stringent security practices.


Personal Experience Perspective

During one security audit, I encountered a scenario where an organisation's off-site backups were inadequately protected. While their on-premises security was robust, the lack of similar measures for their off-site backups left them vulnerable. This experience highlighted the importance of extending security practices beyond the main office.


Final Thoughts

ISO 27001 Control 7.9 serves as a reminder that your organisation's assets extend beyond the walls of your office. The security of off-premises assets is a critical component of a comprehensive information security strategy. By addressing the challenges posed by remote storage and ensuring their protection, organisations can maintain control over their data and maintain the trust of

1 view0 comments

Comments


bottom of page