ISO/IEC 27001 Control 7.9: Security of assets off-premises


Off-site assets should be protected.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provide mechanisms to manage non-human identities, such as mobile devices.

Implementation Details

MidPoint can manage non-human identities, such as identities for mobile devices (BYOD) or other off-premise assets. MidPoint can maintain inventory of the devices and other off-premise assets, using archetypes to distinguish individual asset types. Assignments and linked object features can be used to track possession of devices, or responsibility over assets. MidPoint can automatically manage permissions necessary for the devices to access information in applications (technical accounts), automatically provisioning and de-provisioning the access. Audit trail can be used to record changes in device possession, keeping a log of device transfers.


This control is mostly about physical security, which is out of reach of midPoint. However, midPoint can provide capabilities to inventory and manage mobile device identities.

Was this page helpful?
Thanks for your feedback