Guest
Asset inventory
In case if we chose IT department as SOW as we have more than 500 employees and more than 5 locations for work. What assets should we include in the inventory?
Assign topic to the user
Expert
Rhand Leal
Jun 30, 2021
First is important to note that an asset inventory is required for ISO 27001 only if:
- there are unacceptable risks that treatment demands such inventory
- there are contracts, laws, or regulations you have to follow which demands such an inventory
- there is a top management decision demanding such inventory
If none of the above-mentioned situations occurs, then there is no need to keep such inventory.
In case the inventory is required, the assets should be included considering those that can affect the information you want to protect. For example, if you want to protect R&D information, you need to identify on which servers, networks, and workstations this information flows through, is processed, or stored.
For further information, see:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Jun 30, 2021
Jun 30, 2021
Jun 30, 2021