The rules regarding the processing of data are made explicit and clear, including whether remote work is allowed, under what circumstances and the use of Bring-Your-Own-Device and how data storage should be handled (including paper media, USB devices, retention of the data in mail clients, how data can be exchanged with other parties, etc…)
Specification
Work in public areas is only allowed with privacy screens, use of public wifi is only allowed with VPN connection. Process owners should determine if Bring-Your-Own-Device is allowed and which rules apply.
ISO 27001 & 27002:2022
A5.10,
A5.14,
A5.33,
A5.34,
A6.7,
A7.7,
A7.10,
A8.1,
A8.26,
A8.33
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.03 Mobiele apparaten en telewerken
DM.03 Beveiligingseisen voor Datamanagement