Business relevant data
The question is: what is considered ‘business-relevant data’ as mentioned in the document ‘A.8.2 IT Security Policy’ and is there a list that we can use to help us identify instances of this?
Assign topic to the user
In the context of ISO 27001, ‘business-relevant data’ are those identified as:
- paramount for the achievement of business objectives, results, and outcomes;
- impacted by the most relevant risks identified in the risk assessment;
- related to the fulfillment of legal requirements (e.g., laws, regulations, and contracts).
In short, they are the information that will cause the most negative impact in case their confidentiality, integrity, and/or availability being compromised.
In the Risk Assessment Table template included in your toolkit, you have a tab with examples of information security assets, and there is a specific category about data and information. This template is located in folder 5 Risk Assessment and Risk Treatment.
These materials will also help you regarding ISO 27001 and information identification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Mar 04, 2021