Learn more about the connected frameworks

11.2.4
ISO 27001

Laitteiden huolto

7.13
ISO 27001

Equipment maintenance

F04

Kulkuoikeuksien hallinta

PR.MA-1
NIST CSF

Asset management and repair

Other tasks from the same security theme

Laitteistojen suojaus luvattomia laitteita vastaan (TL II)

Critical
High
Normal
Low

Laitteistot suojataan luvattomien laitteiden (näppäilynauhoittimet, langattomat lähettimet ml. mobiililaitteet ja vastaavat) liittämistä vastaan.

No items found.

Baseline configuration for systems

Critical
High
Normal
Low

The organization has maintained a basic configuration requirement for IT systems and industrial control systems that takes into account security principles, such as the concept of least functionality.

PR.IP-1: A baseline configuration of information technology systems
NIST CSF

Ensuring hardware integrity

Critical
High
Normal
Low

The organization must ensure the integrity of its hardware components. This can be done:

  • With hard to copy labels
  • With verifiable serial numbers provided by the developer
  • By requiring the use of anti-tampering technologies
  • Hardware shipments include hardware and firmware upgrades


PR.DS-8: Integrity checking (hardware)
NIST CSF

Identifying the hardware that is connecting to the datacenter

Critical
High
Normal
Low

The organization must use equipment identification as a means of establishing a connection.

Where appropriate, the organization should use location-aware technologies to validate the integrity of authentication based on known device locations.

No items found.

Documentation of other protected assets

Critical
High
Normal
Low

The organization shall list all relevant protected assets to determine ownership and to ensure that security measures cover all necessary items.

A large portion of the protected assets (including data sets, data systems, personnel / units, and partners) are treated through other tasks. In addition, the organization must list other important assets, which may be, depending on the nature of its operations, e.g. hardware (servers, network equipment, workstations, printers) or infrastructure (real estate, power generation, air conditioning).

8.1.1: Inventory of assets
ISO 27001
8.1.2: Ownership of assets
ISO 27001
ID.AM-1: Physical device inventory
NIST CSF
ID.AM-2: Software and app inventory
NIST CSF
5.9: Inventory of information and other associated assets
ISO 27001

Safe placement of equipment

Critical
High
Normal
Low

For example, data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to devices.

Toiminnan jatkuvuuden hallinta
F08: Toiminnan jatkuvuuden varmistaminen
11.1.3: Securing offices, rooms and facilities
ISO 27001
11.2.1: Equipment siting and protection
ISO 27001
11.1.4: Protecting against external and environmental threats
ISO 27001

Ensuring the quality of equipment maintenance

Critical
High
Normal
Low

Equipment should be serviced at intervals recommended by the supplier and in accordance with the supplier's specifications.

11.2.4: Equipment maintenance
ISO 27001
F04: Kulkuoikeuksien hallinta
PR.MA-1: Asset management and repair
NIST CSF
7.13: Equipment maintenance
ISO 27001

Basic service testing, fault tolerance evaluation and verification

Critical
High
Normal
Low

The operation of basic services (such as electricity, telecommunications, water supply, sewerage, heating, ventilation and air conditioning) will be monitored to ensure that their capacity covers business growth.

11.1.4: Protecting against external and environmental threats
ISO 27001
11.2.2: Supporting utilities
ISO 27001
Toiminnan jatkuvuuden hallinta
F08: Toiminnan jatkuvuuden varmistaminen
PR.IP-5: Physical operating environment
NIST CSF

Use of surge protectors and uninterruptible power supplies (UPS)

Critical
High
Normal
Low

Surge protectors prevent current level rises and falls from damaging the equipment. Uninterruptible power supplies (UPS), on the other hand, guarantee a limited amount of battery power, which allows you to work even during short power outages. Critical equipment is held in connection to a UPS.

11.2.2: Supporting utilities
ISO 27001
Toiminnan jatkuvuuden hallinta
F08: Toiminnan jatkuvuuden varmistaminen
PR.IP-5: Physical operating environment
NIST CSF
7.11: Supporting utilities
ISO 27001

Alarm systems for equipment environment

Critical
High
Normal
Low

Alarm systems are used to monitor the level of key environmental conditions (eg temperature and humidity) that may adversely affect the operation of data processing equipment.

Toiminnan jatkuvuuden hallinta
F08: Toiminnan jatkuvuuden varmistaminen
11.2.1: Equipment siting and protection
ISO 27001
11.2.2: Supporting utilities
ISO 27001
PR.IP-5: Physical operating environment
NIST CSF

Cabling security

Critical
High
Normal
Low

Power and communication cables that either move data themselves or support data transmission services are protected from damage, eavesdropping and interference.

The safety of cabling should take into account e.g. the following points:

  • communication lines should, as far as possible, be underground or otherwise adequately protected
  • electrical cables should be insulated from telecommunication cables to avoid interference
  • use of armored cables, electromagnetic shielding or technical raking in very critical places
11.2.3: Cabling security
ISO 27001
ID.BE-4: Dependencies and critical functions
NIST CSF
7.12: Cabling security
ISO 27001

Lightning protection

Critical
High
Normal
Low

All buildings and all incoming power lines and external communication lines are equipped with lightning protection.

11.2.1: Equipment siting and protection
ISO 27001
7.8: Laitteiden sijoitus ja suojaus
ISO 27001

Electromagnetic data breach management

Critical
High
Normal
Low

Electronic devices such as cables, monitors, copiers, tablets and smartphones leak electromagnetic radiation, from which it is possible to find out the original transmitted data with the right hardware and, for example, steal the entered username and password.

Openings in the premises' structures (windows, doors, air conditioning) are protected to prevent radiation from escaping. In addition, equipment handling confidential data is located so as to minimize the risk of leakage due to electromagnetic leakage.

11.1.3: Securing offices, rooms and facilities
ISO 27001
11.2.1: Equipment siting and protection
ISO 27001
I14: Hajasäteily (TEMPEST)
PR.DS-2: Data-in-transit
NIST CSF
7.3: Securing offices, rooms and facilities
ISO 27001

Equipment maintenance log

Critical
High
Normal
Low

Maintenance performed on the equipment is recorded in a log, which contains information e.g.:

  • of suspected and happened defects
  • of preventive and remedial actions
  • of checking the equipment after maintenance
11.2.4: Equipment maintenance
ISO 27001
PR.MA-1: Asset management and repair
NIST CSF
7.13: Equipment maintenance
ISO 27001