Checklist of ISO/IEC 27001-A.11.2.6 Security of equipment and assets off-premises


Information is one of the most important assets of an organization, and securing it should be a top priority. 

While many security measures are put in place to protect information while it’s on-premises, it’s also essential to ensure the security of equipment and assets when they are off-premises. 

A.11.2.6 of the ISO/IEC 27001 standard provides guidelines on the security of equipment and assets off-premises. In this article, we will discuss A.11.2.6 and provide a sample checklist to help organizations ensure the security of their equipment and assets.

Sample Checklist:

  • Does the organization have an Acceptable Use Policy or equivalent guidance covering security requirements and DOs and DON’Ts for all mobile or portable devices that are used from home or remote locations?
  • Does the policy state requirements such as appropriate custody and secure storage, physical and/or logical access control, secure connections, clear desks and clear screens, protection from strong electromagnetic fields, regular backups, etc.?
  • How is the organization ensuring that the policy is being followed in practice?
  • How are workers made aware of their obligations under the policy?
  • Are workers given enough support to achieve an acceptable level of security?


Securing equipment and assets off-premises is crucial to maintaining the confidentiality, integrity, and availability of an organization’s information. 

The A.11.2.6 guideline of the ISO/IEC 27001 standard provides a framework for organizations to follow to ensure the security of their equipment and assets off-premises. 

By following the sample checklist provided, organizations can ensure that they have appropriate policies and procedures in place to safeguard their information assets. 

See also  Checklist of ISO/IEC 27001-A.17.2.1 Availability of information processing facilities

It’s essential to keep in mind that security is an ongoing process, and organizations must regularly review and update their policies and procedures to stay ahead of the evolving threat landscape.

Leave a comment

Your email address will not be published. Required fields are marked *