Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Business relevant data

  Quote
Guest
Guest user Created:   Mar 04, 2021 Last commented:   Mar 04, 2021

Business relevant data

The question is: what is considered ‘business-relevant data’ as mentioned in the document ‘A.8.2 IT Security Policy’ and is there a list that we can use to help us identify instances of this?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 04, 2021

In the context of ISO 27001, ‘business-relevant data’ are those identified as:

  • paramount for the achievement of business objectives, results, and outcomes;
  • impacted by the most relevant risks identified in the risk assessment;
  • related to the fulfillment of legal requirements (e.g., laws, regulations, and contracts).

In short, they are the information that will cause the most negative impact in case their confidentiality, integrity, and/or availability being compromised.

In the Risk Assessment Table template included in your toolkit, you have a tab with examples of information security assets, and there is a specific category about data and information. This template is located in folder 5 Risk Assessment and Risk Treatment.

These materials will also help you regarding ISO 27001 and information identification:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 04, 2021

Mar 04, 2021

Suggested Topics