Asset inventory
1. I have seen a number of different examples of an IAR so was inquiring as to what the actual requirement is to meet the standard.
Answer: If ISO 27001 control A.8.1.1 (Inventory of assets) is applicable to your organization you should consider at least the name of the asset, its owner and its information classification level. Of course you can add more information to fulfill additional needs from other requirements, like GDPR.
2. As for the Information Assets themselves, how granular do I need to be when defining them? E.g., can I have the finance system as an asset, or should it be broken down into Sales, Purchase & General ledger? Or even further into Purchase Orders, Credit Notes, Invoices etc.?
Answer: ISO 27001 does not prescribe any level of granularity, so you can adopt the levels you understand that will better fulfill your needs. Regarding your examples, all of them are valid for an ISO 27001 compliant inventory of assets.
3. Is the location of an Information Asset required, as in Server Name or directory path, or a simple description, e.g. local drive, remote server, SharePoint?
Answer: Again, the level of detail will depend on your needs, but you also have to consider the controls to be implemented. For example, if you have an information asset on a server that is accessed by personnel in general, you may have to specify the directory path to ensure it has the proper access control definition. On the other hand, if the server is accessed only by personnel allowed to access this asset, then you can specify only the server, because where the asset is located on the server will be irrelevant in this case.
This article will provide you further explanation about Inventory of assets:
- How to handle Asset register (Asset inventory) according to ISO 27001
This material will also help you regarding inventory of assets:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Mar 22, 2019