In the example for this section, "XYZ bank" is identified by name as a customer in the register. We are a SaaS provider with over 1,000 companies using our product to service their clients. We certainly do not need to list each and every one since our service/product is the same for all. How would we identify our clients then?
In situations like this one, if the information security requirements of your customers are exactly the same, then you can use one item for all of your customers; there is no need to segment them.
In case you need to identify specific clients due to other business needs, a common approach is to organize customers according to previously defined criteria (e.g., customer size, customer region, customer revenue level, customers under the same requirements set, etc.). This way you can keep a balance between the number of entries in the register and relevant analytical information.
In case you have companies with unique characteristics or companies you want to maintain a closer look at, you can include them individually.
This article will provide you with a related explanation about asset management that you can apply to this case:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Apr 15, 2021