Assets management
Assign topic to the user
I’m assuming that by management of assets you mean the process to of developing, operating, maintaining, upgrading, and disposing of assets in the most cost-effective manner.
Considering that, please note that according to ISO 27001 it is not mandatory to document an asset management procedure.
Only rules applicable to users regarding the use of assets need to be documented, when control A.8.1.3 - Acceptable use of assets - is stated as applicable in the Statement of Applicability. The template which covers control A.8.1.3 is the IT Security Policy, which can be found in the folder 08 Annex A Security Controls >> A.8 Asset Management
To see an example of an asset management process according to ISO 20000, which is not mandatory for ISO 27001, please see:
- Asset Management Process (ISO 20000) https://advisera.com/20000academy/documentation/asset-management-process/
For further information, see:
- Asset management according to ISO 27001: How to handle an asset register / asset inventory https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
May 20, 2022