Expert Advice Community

Assets ISO 27001

Guest user Created:   Jan 11, 2021 Last commented:   Jan 11, 2021

Hello Dejan,

In Appendix 1 of the toolkit I bought, you propose some assets. I need to ask the whole company (management and so on) to give me a list of all the assets and mark the ones that are more critical for our organization. But at what level should we specify the assets?

For example, the ones you specified: 

People

  • Management
  • Employers
  • Part time external employers
  • External parties visiting the organization

Applications and databases

  • Applications (licenses)

And so on.

If we take a few real examples from our organization, should we specify them in detail, such as:

*** (helpdesk software, critical for giving good support to our clients)

*** (billing system for our cloud business)

Or should this be classified as a broader category such as your examples? 

Thank you

Expert
Rhand Leal Jan 11, 2021

ISO 27001 does not prescribe a detailed level for assets, so organizations can define the detailed level that best suits them. This is generally a balance between the administrative effort and the need for information to ensure proper security. For example, you do not need to record the organization's laptops as individual assets (you can add an asset called "laptop"), but if they have specific purposes with different risk levels you can use specific assets like "laptop", "development laptop", and "finance laptop". The same concept applies to the software of your organization and other assets.

For further information, see this article:

- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

These materials will also help you regarding:

- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

- ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
