Expert Advice Community

Guest

Asset inventory

  Quote
Guest
Guest user Created:   Sep 16, 2022 Last commented:   Sep 16, 2022

Asset inventory

A question arose about the item “asset inventory”: in control A.8.1.1, should the table contain all assets individually or by group as in the risk analysis table?

Example: In the risk analysis, we identified a group of professionals as “specialist employees” and did the risk analysis on this asset, then in the asset inventory table do we need to define each of these people? Another example: we also defined in the risk analysis worksheet “employees' computers” as an asset, in the inventory table do we need to specify one by one?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 16, 2022

Control A.8.1.1 does not prescribe how to define assets, so for assets that share the same threats and vulnerabilities, they can be defined with a single asset, as in your example “expert employees”, it is not necessary to define them individually. The same goes for the “employee computers” example.

For more information on asset inventory, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 16, 2022

Sep 16, 2022