Expert Advice Community

Guest

Asset inventory

  Quote
Guest
Guest user Created:   Jun 30, 2021 Last commented:   Jun 30, 2021

Asset inventory

In case if we chose IT department as SOW as we have more than 500 employees and more than 5 locations for work. What assets should we include in the inventory?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 30, 2021

First is important to note that an asset inventory is required for ISO 27001 only if:

  • there are unacceptable risks that treatment demands such inventory
  • there are contracts, laws, or regulations you have to follow which demands such an inventory
  • there is a top management decision demanding such inventory

If none of the above-mentioned situations occurs, then there is no need to keep such inventory.

In case the inventory is required, the assets should be included considering those that can affect the information you want to protect. For example, if you want to protect R&D information, you need to identify on which servers, networks, and workstations this information flows through, is processed, or stored.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 30, 2021

Jun 30, 2021

Suggested Topics