Asset and Risk Owners - can it be a role and also a name of an employee

Guest user Created:   Sep 20, 2023 Last commented:   Sep 20, 2023

In the asset and risk registers, can the asset owner and risk owner be both a role (like IT Manager) and also the name of a specific employee? Or does it have to be one of those and cannot be the other?

Expert
Rhand Leal Sep 20, 2023

ISO 27001 does not prescribe how to define asset/risk owner, so both role and name (used together or separated) are acceptable alternatives, compliant with the standard, for defining the asset/risk owner.

We recommend always using only the role of asset/risk owner because changing a role as owner is less frequent than changing an employee, and this way, you will have less administrative effort. 

For more information, check out how to handle an asset register/asset inventory.

Read this article to find out the difference between risk owners and asset owners.
