LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Asset owner

  Quote
Guest
Guest user Created:   Mar 21, 2017 Last commented:   Mar 21, 2017

Asset owner

I have a question about the ISO 27001 Risk Assessment: If all employees have a laptop, do they all have to be mentioned separately in the Risk Assessment Table? Or can I just put 'all employees' as asset owner?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 21, 2017

Answer: You are right in your assumption to substitute the mention of all single employees by a single term, but the correct one to be used is "asset user", because this term establishes that the person who handles the laptop in a given moment is the one responsible for its security. Defining "all employees" as an asset owner is the same as defining that no one is responsible for it.

This article will provide you further explanation about asset management:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Also in the video tutorials that came with your toolkit, you can see examples of how to fill out all the data for Risk assessment and Risk treatment.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 21, 2017

Mar 21, 2017

Suggested Topics