1. Framework FAQs

ISO 27001: 2022 A.8.17 Clock synchronization

This article provides additional information on how you can meet the requirement for the ISO 27001: 2022 control A.8.17 Clock synchronization.

ISO 27001: 2022 Control Description

The clocks of information processing systems used by the organization shall be synchronized to approved time sources.

Purpose

To ensure accurate time-stamps for correlating and analysing security events and supporting investigations into information security incidents.

Guidance on implementation

  1. Document Time Synchronisation Requirements:
    • Identify and document all external and internal requirements for time synchronisation and accuracy. These requirements might come from legal, regulatory, contractual, or internal monitoring needs. Ensure these requirements are implemented across the organisation.
  2. Establish a Standard Reference Time:
    • Define a standard reference time for the entire organisation, including all systems that might aid in investigations, such as building management and entry/exit systems.
  3. Use Reliable Time Sources:
    • Link your systems to a reliable reference clock, such as one connected to a national atomic clock or a global positioning system (GPS). This ensures consistent and accurate time-stamps. Use protocols like Network Time Protocol (NTP) or Precision Time Protocol (PTP) to synchronise all networked systems to this reference clock.
  4. Enhance Reliability with Multiple Time Sources:
    • Consider using two external time sources simultaneously to improve the reliability of your clocks. Manage any variances appropriately to ensure accuracy.
  5. Manage Cloud Services Synchronisation:
    • If your organisation uses multiple cloud services, or a combination of cloud and on-premises services, monitor and record the time difference between each service. This helps mitigate risks arising from any time discrepancies.

Other Information

Accurate clock settings are crucial for ensuring the reliability of event logs. Inaccurate time-stamps can undermine investigations and the credibility of evidence in legal or disciplinary actions. Proper synchronisation of system clocks is essential for maintaining the integrity of security-related data.