ISO/IEC 27001 Control 5.10: Acceptable use of information and other associated assets

Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Audit trail, object history and meta-data can be used to record access rights information.

MidPoint assignments provide a record of authorized users of information, including meta-data recording reasons for assigning the rights. Notifications can be used to deliver guidance on acceptable use of the system at the moment the account is created on the system. MidPoint can use audit trail to record access rights of users that have or had access to assets. Object history feature can be used to reveal access rights or users related to an asset in the past.