So if changes happen to the Asset Inventory, how does this impact the RTP, the risk report or the SoA. What are centering documents, like the measures document?
Answer:
If there are changes in the asset inventory (for example you add a new asset), you will need to update your risk assessment, because there will be new risks. If these risks are above of the aceptable level, you will also need to update the Risk Treatment Plan (RTP), and probably you will need to update the SoA if there are necessary new security controls.
Regarding centering documents, I am not sure what you mean, but you could have in the same document information about the risk assessment (including the asset inventory) and the risk treatment (it is better if you have an independent document for the SoA).
Finally, this article about asset inventory can be interesting for you How to handle Asset register (Asset inventory) according to ISO 27001 : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Jan 12, 2016