Asset management
Assign topic to the user
ISO 27001 does not prescribe any level of granularity, so you can organize the assets the way you understand that will better fulfill your needs. Considering your example, you can split assets into categories that require different levels of protection and a different number of applicable controls.
For example, you can use categories related to the laptop's purpose (e.g., "general laptops" and "development laptops").
This article will provide you a further explanation about asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
This material can also be useful:
- Asset List for ISO 27001 Risk Assessment https://info.advisera.com/27001academy/free-download/asset-list-for-iso-27001-risk-assessment/
Comment as guest or Sign in
Jun 21, 2022