Asset Management Procedure
Assign topic to the user
Kaoutar,
ISO 27001 does not require you to write an Asset management procedure - it only requires you to build an Asset inventory (control A.8.1.1 in ISO 27001:2013).
Therefore, you should write such a procedure only if you have significant risks that you want to decrease with such a document, or of your company is big and it would be difficult to handle all the assets without a written procedure. You could include the following in such a procedure: how the assets are identified and marked, where are they recorded (Asset inventory) and who is responsible, how are they disposed of, etc.
By a definition in ISO 27001, assets are anything that has value for the organization - it is not only the hardware and software, it is also information (in digital or paper form), people, infrastructure, facilities, etc.
Comment as guest or Sign in
Jan 12, 2016