Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

Asset Management Procedure

Hi Dejan, I have a question regarding the Asset management procedure, Shall we build such procedure? if it is so what should it encompass? and what we really mean by Assets (Are they only Desktops, laptops and servers or all type of assets (physical, software, hardware, intangible ...) Thanks in advance

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Kaoutar,

ISO 27001 does not require you to write an Asset management procedure - it only requires you to build an Asset inventory (control A.8.1.1 in ISO 27001:2013).

Therefore, you should write such a procedure only if you have significant risks that you want to decrease with such a document, or of your company is big and it would be difficult to handle all the assets without a written procedure. You could include the following in such a procedure: how the assets are identified and marked, where are they recorded (Asset inventory) and who is responsible, how are they disposed of, etc.

By a definition in ISO 27001, assets are anything that has value for the organization - it is not only the hardware and software, it is also information (in digital or paper form), people, infrastructure, facilities, etc.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community