SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Assets ISO 27001

Guest

Assets ISO 27001

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 11, 2021 Last commented:   Jan 11, 2021

Assets ISO 27001

ISO 27001 & 22301

Hello Dejan,

In the Appendix 1 in the toolkit I bought you are proposing some assets, I need to ask the whole company (management and so on) to give me a list of all the assets and mark whoever the ones that are more critical for our organization. But on what level should we specify the assets?

For example, the ones you specified: 

People

  • Management
  • Employers
  • Part time external employers
  • External parties that visiting the organization

Applications and databases

  • Applications (licenses)

And so on.

If we take some few real examples from our organization, should we specify detailed such as:

*** (helpdesk software, critical for giving good support to our clients)

*** (billing system for our cloud business)

Or should this be classified as a broader category such as your examples? 

Thank you

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Jan 11, 2021

ISO 27001 does not prescribe a detailed level for assets, so organizations can define the detailed level that best suits them. This is generally a balance between the administrative effort and the need for information to ensure proper security. For example, you do not need to record organizations laptops as individual assets (you can add an asset called "laptop"), but if they have specific purposes with different risk levels you can use specific assets like "laptop", "development laptop", and "finance laptop". The same concept applies to the software of your organization and other assets. 

For further information, see this article:

How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding:

- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 11, 2021

Jan 11, 2021

Suggested Topics
Guest user Created:   Mar 11, 2022 ISO 27001 & 22301
Replies: 1
0 0

Question about how to identify ISO 27001 ISMS Assets
Guest user Created:   Apr 06, 2017 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Implementation- A8 Assets Management
Guest user Created:   Jan 13, 2016 ISO 27001 & 22301
Replies: 1
0 0

Implement ISO 27001Identifying assets