Expert Advice Community

Guest

Categorization of assets

  Quote
Guest
Guest user Created:   Apr 13, 2019 Last commented:   Apr 13, 2019

Categorization of assets

Regarding asset identification, when dividing into primary assets(business process and information assets) and supporting assets (hardware, software, people, documentation etc) - how should you assess regarding information assets what is categorized as a primary asset vs a supporting asset?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 13, 2019

Examples: Would you say contracts are a primary asset or a supporting asset. How about job descriptions, NDA, SLA, DPA, Sales offers. Is there a good technique on how to categorize properly? In the risk assessment table template from Advisera, only suggested assets are listed.

Answer:

ISO 27001 does not prescribe asset categorization, so you do not need to implement further categorization than that is already provided on the suggested list of assets on the risk assessment table template (add such categorization will only unnecessarily complicate the process.).

Contract, job descriptions, NDA, SLA, and DPA are documentation, while sales offers is information (unless this refers to the name of a document)

This article will provide you further expl anation about asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001https://advisera.com/27001academy/pt-br/blog/2016/10/25/onde-a-seguranca-da-informacao-se-encaixa-em-uma-organizacao/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 13, 2019

Apr 13, 2019

Suggested Topics