Telework vs Employee home
7.2.7 “Additional facility(s) not hosting the in-scope platform(s) / system(s) may also be included as a primary scope component. However, the in-scope facility(s) of an assessment may not include physical locations not controlled by the organization and/or not managed by a service provider of the Assessed Entity (e.g. employee homes, “WeWork” offices).” does this statement, excluding employee homes, contradict certain controls that are required to be tested regarding teleworking activities such as control 0407.01y2Organizational.1 that falls under Mobile Domain?
1
vote
Emily
shared this idea