Guest user Created: Jun 30, 2021 Last commented: Jun 30, 2021

Asset inventory

In case if we chose IT department as SOW as we have more than 500 employees and more than 5 locations for work. What assets should we include in the inventory?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 30, 2021

First is important to note that an asset inventory is required for ISO 27001 only if:

there are unacceptable risks that treatment demands such inventory
there are contracts, laws, or regulations you have to follow which demands such an inventory
there is a top management decision demanding such inventory

If none of the above-mentioned situations occurs, then there is no need to keep such inventory.

In case the inventory is required, the assets should be included considering those that can affect the information you want to protect. For example, if you want to protect R&D information, you need to identify on which servers, networks, and workstations this information flows through, is processed, or stored.

For further information, see:

How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 30, 2021

Expert Advice Community

Asset inventory

Asset inventory

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Impact column in Asset Inventory

Asset inventory

Asset inventory