Asset register
Assign topic to the user
Answer:
Simply you need to include in your asset register those assets that you can manage, so if you have a server and this server has software that you can manage (Virtual Machines, web server, email server, etc), you can include this information in your asset register.
Regarding the services provided by other companies (internet connection, housing, etc) you can see as service, and you are right, you can implement security controls related to suppliers (section A.15 Supplier relationships). Anyway, remember that the implementation of secu rity controls need to be performed after the results of the risk analysis.
This article can be interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
And our online course can be also interesting for you because we give more information about the asset register “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jul 22, 2016