Handling assets
When identifying assets, can I lump them together or is it each one individually that needs a Risk Assessment completed?
Eg. 10 Servers are identified as critical assets. Can I do a Risk Assessment on Servers or do I need to list CLIENTSVR01 in the risk register.
Assign topic to the user
In case an inventory of assets is applicable to your organization, ISO 27001 does not prescribe how it must handle assets, so you can group them as best they fit your organization's needs.
For example, you can group your servers if they have similar characteristics, or share similar risks.
This article will provide you further explanation about asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Dec 11, 2019