The use of co-working spaces has increased hugely, even since the last update to ISO 27001 in 2013. Many of our clients utilise co-working spaces, such as WeWork or Regus, for either their main office, or as regional satellite offices around the country.
We often hear concerns that basing your business in a CoWorking environment could be a barrier to ISO 27001 Certification, but we’re pleased to say it isn’t.
We have helped many customers successfully achieve ISO Certification in this scenario.
How does ISO 27001 View CoWorking Spaces?
While ISO 27001 sets out a framework for information security management, with 114 potential controls you can apply, it is not specific in addressing CoWorking risks.
Among the control set are controls which may be applicable including:
– Mobile Device Management,
– Teleworking,
– Physical Perimeter Security,
– Physical Entry Controls,
– Protecting Against Environmental Threats,
– Information Security within Supplier Relationships.
The fundamental principle of ISO 27001 is to manage threats to Confidentiality, Integrity and Availability of information; so completing a comprehensive and honest Risk Assessment is the first place to start.
How Do I Manage CoWorking Risks?
As with any premises or workspace, you are likely to identify many physical, digital and human risk factors that could affect the security of information within the scope of your management system.
These might include:
- Visitor and Third Party Access to Common Areas,
- Share IT infrastructure including WIFI,
- Shared meeting room facilities,
- Cleaning and Facility Staff,
- Maintenance of equipment such as access control systems, fire alarms and air conditioning.
You should assess each risk you identify using your Information Security Management System (ISMS) methodology, and choose appropriate controls to mitigate the risk to an acceptable level.
Will the Managers of my CoWorking Space help?
Companies like WeWork and Regus provide many of the functions that would normally fall to the tenant of a traditional building, for example controlling access to the building, operating CCTV, managing visitors and providing cleaning staff.
Therefore the ‘supplier relationship’ with your CoWorking provider becomes more important.
Review the terms of your membership agreement to ensure that you are happy with the confidentiality and notice commitments within it.
Most spaces provide a community or building manager who can answer further questions, or direct you to their policies and procedures online.
Training Staff to Manage CoWorking Risks
As with many information security risks, ‘people’ are a key strength and weakness.
Assent’s Training company, Lorators, has a free Online Course to help your team manage security in shared work spaces:
SIGN UP HERE > Guidance for Workplace Security
How Do I Get ISO 27001 Certified in a CoWorking space?
The ISO 27001 Certification process for a company using a CoWorking space is like any other.
Assent consultants are experienced in implementing new ISO 27001 Management Systems and supporting existing frameworks.
Contact us to discuss further.
Source: Assent.InfoSec