Annex A 8.17, ISO/IEC 27001:2022

Clock synchronisation for information systems

Ensure all system clocks are set to the same time source to aid in event tracking and investigations.


Plain language

This control is about making sure all the clocks on your organisation's computers and systems are set to the exact same time. This consistency helps when you need to track what happened and when, especially if you're investigating an incident or resolving a dispute. If the clocks are off, it can be hard to prove the sequence of events, which can cause issues with accountability or legal matters.

Framework: ISO/IEC 27001:2022

Control effect: Detective

ISO 27001 domain: Technological controls

Classifications: N/A

Official last update: 24 Oct 2022

Control Stack last updated: 19 May 2026

Maturity levels: N/A

Official control statement

The clocks of information processing systems used by the organisation shall be synchronised to approved time sources.
ISO/IEC 27001:2022 Annex A 8.17

Why it matters

Unsynchronised system clocks hinder accurate log/event correlation, weakening investigations, audit trails and incident response timing.


Operational notes

Configure NTP on all hosts to approved time sources; monitor drift (e.g. <100 ms) and alert on offsets or NTP failures.
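One way to turn the note above into a host check, as an added example that is not part of the control text: it reads `chronyc tracking` output and reports an unapproved source, an offset over the limit, or a loss of synchronisation. It assumes chrony is the NTP client; the source hostnames are hypothetical and the sample output is constructed.

```python
import re

# Assumptions: hypothetical approved sources; 100 ms is the page's example limit.
APPROVED_SOURCES = {"ntp1.corp.example", "ntp2.corp.example"}
MAX_OFFSET_SECONDS = 0.100

def parse_tracking(text):
    """Turn `chronyc tracking` "Key : value" lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_clock(text):
    """Return a list of findings; an empty list means the host passes."""
    f = parse_tracking(text)
    if f.get("Leap status", "Not synchronised") == "Not synchronised":
        return ["clock is not synchronised to any source"]
    findings = []
    # Reference ID looks like "C0000201 (ntp1.corp.example)"; chrony prints
    # the name it resolved, so the allow-list must use the same form.
    m = re.search(r"\((.*)\)", f.get("Reference ID", ""))
    source = m.group(1) if m and m.group(1) else "unknown"
    if source not in APPROVED_SOURCES:
        findings.append(f"time source {source} is not approved")
    # System time looks like "0.000006523 seconds slow of NTP time"
    m = re.match(r"([0-9.]+) seconds (slow|fast)", f.get("System time", ""))
    if not m:
        findings.append("could not read the current offset")
    elif float(m.group(1)) > MAX_OFFSET_SECONDS:
        ms, limit = float(m.group(1)) * 1000, MAX_OFFSET_SECONDS * 1000
        findings.append(f"offset {ms:.0f} ms {m.group(2)} exceeds the {limit:.0f} ms limit")
    return findings

def sample(ref, offset, leap="Normal"):
    """Constructed sample shaped like `chronyc tracking` output (subset of fields)."""
    return (f"Reference ID    : {ref}\n"
            f"Stratum         : 3\n"
            f"System time     : {offset}\n"
            f"Leap status     : {leap}\n")

if __name__ == "__main__":
    drifted = sample("C0000201 (ntp1.corp.example)", "0.250000000 seconds fast of NTP time")
    for finding in check_clock(drifted):
        print("ALERT:", finding)
```

Run from a scheduler on each host with the real command output piped in, the non-empty findings are the alert condition and the empty results are the periodic check records an auditor asks for.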


Implementation tips

  • The IT Manager should ensure there is a standard reference time source for the organisation. To do this, set up a clock that is linked to a reliable time source, like a national atomic clock or GPS system. Use network protocols, like NTP (Network Time Protocol), to keep all computers and devices synced to this time.
  • The IT Department should develop and document a policy for clock synchronisation. This policy should explain why accurate timekeeping is critical and provide steps for maintaining it, including setting up and monitoring time sources according to ISO 27002:2022 guidance.
  • Procurement should ensure that all new systems and software purchased support time synchronisation mechanisms. When evaluating suppliers, ask about their products' compatibility with common time-synchronisation protocols like NTP and their ability to work with external reliable time sources.
  • System Administrators should regularly check and maintain the synchronisation configuration on networks and individual devices. This includes periodically verifying that all clocks on the systems are correctly aligned with the chosen reference time source.
  • Security Officers should monitor the synchronisation process and document any discrepancies. They should implement alerts to detect when a system falls out of sync, ensuring any such issues are investigated promptly to mitigate security risks.

Audit / evidence tips

  • Ask: The organisation's clock synchronisation policy and procedures. Good: A clear, well-documented policy that specifies time sources and protocols used.
  • Ask: Logs or reports from the time synchronisation service. Good: Uniform time with minimal discrepancies between systems, indicating successful synchronisation.
  • Ask: Documentation of the external time sources used. Good: The use of recognised, accurate time sources such as national atomic clocks or GPS systems.
  • Ask: To see records of system checks related to clock synchronisation. Good: Regular checks with detailed records and quick resolutions of any noted discrepancies.
  • Ask: Evidence of routine training or communication to IT staff about clock synchronisation importance. Good: Regular updates or sessions that reinforce the importance and practices of maintaining synchronised clocks.

Cross-framework mappings

How Annex A 8.17 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

E8

Supports (3)
  • E8-RA-ML2.7: requires privileged account and group management events to be centrally logged
  • E8-RA-ML2.10: requires cyber security events to be analysed in a timely manner to identify cyber security incidents
  • E8-AH-ML2.15: requires timely analysis of cyber security events to identify incidents

Depends on (2)
  • E8-AC-ML2.5: requires allowed and blocked application control events to be centrally logged for monitoring and investigation
  • E8-AH-ML2.11: requires that PowerShell module logging, script block logging and transcription events are centrally logged for monitoring a...

ASD ISM

Partially overlaps (1)
  • ISM-0988: Annex A 8.17 requires synchronisation of information system clocks to approved time sources

Supports (1)
  • ISM-0585: Annex A 8.17 addresses synchronising information system clocks to approved time sources

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
