ISO/IEC 27001 Control 5.10: Acceptable use of information and other associated assets
Control
Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
Audit trail, object history and meta-data can be used to record access rights information.
Implementation Details
MidPoint assignments provide a record of authorized users of information, including meta-data recording reasons for assigning the rights. Notifications can be used to deliver guidance on acceptable use of the system at the moment the account is created on the system. MidPoint can use audit trail to record access rights of users that have or had access to assets. Object history feature can be used to reveal access rights or users related to an asset in the past.