Guest user Created: Mar 21, 2017 Last commented: Mar 21, 2017

Asset owner

I have a question about the ISO 27001 Risk Assessment: If all employees have a laptop, do they all have to be mentioned separately in the Risk Assessment Table? Or can I just put 'all employees' as asset owner?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 21, 2017

Answer: You are right in your assumption to substitute the mention of all single employees by a single term, but the correct one to be used is "asset user", because this term establishes that the person who handles the laptop in a given moment is the one responsible for its security. Defining "all employees" as an asset owner is the same as defining that no one is responsible for it.

This article will provide you further explanation about asset management:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Also in the video tutorials that came with your toolkit, you can see examples of how to fill out all the data for Risk assessment and Risk treatment.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 21, 2017

Expert Advice Community

Asset owner

Asset owner

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Asset Owner

Risk Assessment - Defining asset ownership

Who should be the asset owner