ISO 27001:2022 Annex A Control 5.10

What Is The Purpose of ISO 27001:2022 Annex A Control 5.10?

The main aim of this control is to make sure information and related assets are safeguarded, used, and managed correctly.

ISO 27001:2022 Annex A Control 5.10 ensures policies, procedures, and technical controls are in place to inhibit users from mishandling information assets.

This control seeks to set up a structure for organisations to guarantee that information and other resources are suitably safeguarded, employed and managed. It entails making sure that appropriate policies and procedures exist on all levels of the organisation, as well as implementing them regularly.

Implementing Control 5.10 forms part of your ISMS and ensures that your company has the necessary requirements in place to protect its IT assets, such as:

• Ensuring the safety of data in storage, processing and transit is paramount.
• The safeguarding and proper utilisation of IT equipment is essential. It is vital to ensure its security and use it appropriately.
• Appropriate authentication services are essential to the regulation of access to information systems.
• Processing of information within an organisation is limited to only those with the appropriate authorisation.
• The assigning of data-related duties to certain persons or roles.
• Educating and training users on their security obligations is essential. Making sure they understand their roles and responsibilities helps ensure the security of the system.

What Is Involved and How to Meet the Requirements

To fulfil ISO 27001:2022’s Control 5.10 needs, it is imperative that personnel, both internal and external, who use or have access to the organisation’s data and additional resources, are aware of the company’s information security prerequisites.

Those responsible should be held to account for any data-processing resources they use.

All personnel associated with the management of information and other related assets should be aware of the organisation’s policy on appropriate use. It is essential that everyone involved is informed of the guidelines.

All personnel who work with information and related assets should be made aware of the company’s policy on acceptable usage. As part of the specific usage policy, staff should understand precisely what is expected of them in regards to these resources.

Policy should make clear that:

1. All employees must comply with the company’s policies and procedures.
2. No employee may undertake any activity that is contrary to the company’s interests.
3. Any employee who fails to comply with the company’s policies and procedures will be subject to disciplinary action.

Particular policy pertaining to the topic should state that all personnel must adhere to the firm’s directives and protocols:

• Expectations and unacceptable actions regarding information security should be clarified for individuals.
• Permitted and prohibited use of information and other assets.
• Keeping an eye on the organisation’s operations.

Draw up acceptable use procedures throughout the full information life cycle, in line with its categorisation and identified risks. Think about the following:

• Access restrictions to support the protection of each security level must be put in place.
• Maintaining a register of authorised users of information and other associated assets.
• Ensure the security of temporary or permanent copies of information is consistent with the requirements of the context.
• Ensuring the preservation of the initial data is of utmost importance.
• Storing assets related to information according to manufacturers’ standards is essential.
• Mark all copies of electronic or physical storage media clearly for the attention of the recipient.
• The company authorises the disposal of information and other assets, as well as the deletion method(s) that are supported.

Differences Between ISO 27001:2013 and ISO 27001:2022

The 2022 version of ISO 27001 was released in October 2022; it is an improved version of ISO 27001:2013.

Annex A 5.10 in ISO 27001:2022 is not new; it is a blend of controls 8.1.3 and 8.2.3 from ISO 27001:2013.

The essence and implementation guidelines of Annex A 5.10 are similar to those of controls 8.1.3 and 8.2.3, but Annex A 5.10 combines both acceptable use of and handling of assets into one control for user-friendliness.

Annex A 5.10 additionally added a further point to 8.2.3, which pertains to the approval of disposal of information and any related assets, as well as the recommended deletion method(s).

Table of All ISO 27001:2022 Annex A Controls

In the table below you’ll find more information on each individual ISO 27001:2022 Annex A Control.

Who Is In Charge Of This Process?

This policy sets out the rules for the proper use of the company’s information and associated assets, such as computers, networks and systems, email, files and storage media. All employees and contractors must abide by it.

This policy serves to:

1. Provide guidelines for appropriate behaviour at all times.
2. Outline the consequences of any breach of conduct.
3. Ensure a safe, respectful environment for all.

The aim of this policy is to set out directives for appropriate behaviour and to detail the ramifications for violating them, in order to create a secure, respectful atmosphere for everyone.

Ensuring that the company’s data and other related assets are solely used for valid business reasons. Ensuring staff members abide by all laws and regulations regarding information security and defending the firm’s information and other related assets from risks stemming from inside or outside the company.

The Information Security Officer (ISO) has the task of designing, executing and sustaining the Acceptable Use of Information resources.

The ISO will be in charge of overseeing the utilisation of information resources across the organisation to guarantee that data is employed in a way that safeguards security and data accuracy, preserves the confidentiality of private or delicate information, averts abuse and unauthorised access to computing resources, and eliminates any unnecessary exposure or liability to the organisation.

What Do These Changes Mean for You?

The new ISO 27001:2022 standard is a revision, so you won’t need to make many alterations to be compliant with it.

Refer to our guide on ISO 27001:2022 to learn more about the implications of Annex A 5.10 on your business and how to show compliance.

How ISMS.online Helps

ISMS.online makes ISO 27001 implementation straightforward, with a comprehensive step-by-step checklist. This guide takes you through the entire process, from defining your ISMS scope to identifying risks and deploying controls.

This model creates a framework for setting up, utilising, operating, observing, evaluating, sustaining, and developing an Information Security Management System (ISMS).

Implementing the ISO 27001 standard can be an extensive endeavour, however, ISMS.online provides a comprehensive, one-stop solution to make the process much easier.

Our top-notch information security management system software offers an uncomplicated way to comprehend what must be accomplished and how to proceed.

We make it easy to manage your compliance needs. We eliminate the hassle and stress of meeting your requirements.

Reach out today to reserve a demonstration.