Conformio expert question about asset and access mgmt processes

ISO 27001 does not require an asset management process to be implemented, only that an inventory of assets associated with the Information Security Management System (ISMS) is drawn up and maintained in case-control A.8.1.1 Inventory of assets is identified as applicable by the organization.

Considering that, Conformio enables you to draw up the list of assets during the risk assessment process by suggesting a checklist of potential assets you can find in your company.

For further information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

For access management Conformio provides you with the Access Control Policy document through which you define rules on which people can access which systems and with whose authorization.

For further information, see:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/